Page 116 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 116
environment, it needs to be divided into smaller containers or
compartments. Those might be subroutines, modules, or objects if
you’re focusing on software, computers, or operating systems; they
might be protocols if you’re focusing on systems or networks; or they
might be departments, tasks, and networks if you’re focusing on an
entire business infrastructure. Each identified sub-element should be
evaluated in order to understand inputs, processing, security, data
management, storage, and outputs.
In the decomposition process, you must identify five key concepts:
Trust Boundaries Any location where the level of trust or security
changes
Data Flow Paths The movement of data between locations
Input Points Locations where external input is received
Privileged Operations Any activity that requires greater privileges
than of a standard user account or process, typically required to make
system changes or alter security
Details about Security Stance and Approach The declaration of
the security policy, security foundations, and security assumptions
Breaking down a system into its constituent parts makes it much
easier to identity the essential components of each element as well as
take notice of vulnerabilities and points of attack. The more you
understand exactly how a program, system, or environment operates,
the easier it is to identity threats to it.
Prioritization and Response
As threats are identified through the threat modeling procedure,
additional activities are prescribed to round out the process. Next is to
fully document the threats. In this documentation, you should define
the means, target, and consequences of a threat. Consider including
the techniques required to implement an exploitation as well as list
potential countermeasures and safeguards.
After documentation, rank or rate the threats. This can be
accomplished using a wide range of techniques, such as Probability ×
