Page 1037 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
that it is investigating Equifax, and legislators are urging other federal
agencies to investigate the company too.
Identifying Threats
After identifying and prioritizing assets, an organization attempts to
identify any possible threats to the valuable systems. Threat modeling
refers to the process of identifying, understanding, and categorizing
potential threats. A goal is to identify a list of potential threats to these
systems and to analyze the threats.
Attackers aren’t the only type of threat. A threat can be
something natural, such as a flood or earthquake, or it could be
accidental, such as a user accidentally deleting a file. However,
when considering access control, threats are primarily
unauthorized individuals (commonly attackers) attempting
unauthorized access to resources.
Threat modeling isn’t meant to be a single event. Instead, it’s common
for an organization to begin threat modeling early in the design
process of a system and continue throughout its lifecycle. For example,
Microsoft uses its Security Development Lifecycle process to consider
and implement security at each stage of a product’s development. This
supports the motto of “Secure by Design, Secure by Default, Secure in
Deployment and Communication” (also known as SD3+C). Microsoft
has two primary goals in mind with this process:
To reduce the number of security-related design and coding defects
To reduce the severity of any remaining defects
A threat modeling process focused on access controls would attempt to
identify any potential threats that could bypass access controls and
gain unauthorized access to a system. Attackers are the common threat
to access controls, and the “Common Access Control Attacks”
section later in this chapter identifies many common types of attacks.
Advanced Persistent Threats

