Lecture 2

Question 1

What questions should you ask when you are threat modelling?

Answer 1

What are you building?
What can go wrong?
How can fix or avoid the threats?
Reflect on previous?

Question 2

How can you potray what you are building and it’s assets?

Answer 2

Design a diagram.

Question 3

What matters in a system? How can you categories a system and it’s assets?

Answer 3

External entities, proccesses data stores, the flow of data and trust boundaries.

Question 4

What is an external entity?

Answer 4

Anything that exists outside the system that interacts with the system.

Question 5

What are proccesses within a system?

Answer 5

It is something a system does or is, an example of this is a program or a code. Or a way of communicating.

Question 6

What is a data store?

Answer 6

Any form of data information depositry.

Question 7

What does STRIDE stand for?

Answer 7

Spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege.

Question 8

Spoofing.

Answer 8

.

Question 9

Tampering.

Answer 9

T

Question 10

Repudiation.

Answer 10

R

Question 11

Information disclosure

Answer 11

I

Question 12

Denial of service.

Answer 12

D

Question 13

Elevation of privilege.

Answer 13

.

Question 14

What does META stand for?

Answer 14

Mitigation, eliminate, transfer or accept.

Question 15

Mitigate.

Answer 15

.

Question 16

Eliminate

Answer 16

.

Question 17

Transfer.

Answer 17

T

Question 18

Accept.

Answer 18

A