You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Product type Paperback

Published in Sep 2023

Publisher Packt

ISBN-13 9781803236902

Length 316 pages

Edition 1st Edition

Concepts

Cybersecurity

Author (1):

Shobhit Mehta

View More author details

Table of Contents (28) Chapters

Preface

1. Part 1: Governance, Risk, and Compliance and CRISC

2. Chapter 1: Governance, Risk, and Compliance FREE CHAPTER

3. Chapter 2: CRISC Practice Areas and the ISACA Mindset

4. Part 2: Organizational Governance, Three Lines of Defense, and Ethical Risk Management

5. Chapter 3: Organizational Governance, Policies, and Risk Management

6. Chapter 4: The Three Lines of Defense and Cybersecurity

7. Chapter 5: Legal Requirements and the Ethics of Risk Management

8. Part 3: IT Risk Assessment, Threat Management, and Risk Analysis

9. Chapter 6: Risk Management Life Cycle

10. Chapter 7: Threat, Vulnerability, and Risk

11. Chapter 8: Risk Assessment Concepts, Standards, and Frameworks

12. Chapter 9: Business Impact Analysis, and Inherent and Residual Risk

13. Part 4: Risk Response, Reporting, Monitoring, and Ownership

14. Chapter 10: Risk Response and Control Ownership

15. Chapter 11: Third-Party Risk Management

16. Chapter 12: Control Design and Implementation

17. Chapter 13: Log Aggregation, Risk and Control Monitoring, and Reporting

18. Part 5: Information Technology, Security, and Privacy

19. Chapter 14: Enterprise Architecture and Information Technology

20. Chapter 15: Enterprise Resiliency and Data Life Cycle Management

21. Chapter 16: The System Development Life Cycle and Emerging Technologies

22. Chapter 17: Information Security and Privacy Principles

23. Part 6: Practice Quizzes

24. Chapter 18: Practice Quiz – Part 1

25. Chapter 19: Practice Quiz – Part 2

26. Index

Why subscribe?

27. Other Books You May Enjoy

Understanding threat modeling

Threat modeling is a structured approach to identifying threats, potential vulnerabilities, and corresponding security requirements, quantifying threat and vulnerability criticality, and prioritizing remediation per severity. It is performed as a proactive measure during product design and development to ensure that adequate controls are in place before the deployment.

There are four generic steps in threat modeling:

Model: What are we building?
Identify Threats: What could go wrong?
Mitigate: What countermeasures do we have to defend against the threats?
Validate: Have we performed all the previous steps?

These steps can be visualized as follows:

Figure 7.2 – The threat modeling cycle

The purpose of threat modeling is to provide defenders with a systematic analysis of the most likely attack vectors. Threat modeling helps in identifying high-value assets, assets that are vulnerable to attack...

The rest of the chapter is locked

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Understanding threat modeling

Authors (1)

Personalised recommendations for you

You're reading from ISACA Certified in Risk and Information Systems Control (CRISC®) Exam Guide A primer on GRC and an exam guide for the most recent and rigorous IT risk certification

Table of Contents (28) Chapters

Understanding threat modeling

Unlock this book and the full library FREE for 7 days

Authors (1)

Personalised recommendations for you