Module 3.2

Question 1

What are the factors of Treat Modeling

Answer 1

Threat actors, Threat source/agent, Threat event

Question 2

3 Threat Actors (Understanding the operational environment)

Answer 2

Motivation, Capabilities, Persistence

Question 3

Categories of Threat Agents

Answer 3

Accidental, Structural, Environmental

Question 4

Actors in Accidental Threat Agent

Answer 4

User, Privileged user or administrator

Question 5

Components of Structural Threat Agent

Answer 5

IT equipment, Environmental controls, Software

Question 6

Examples of Environmental Threat Agent

Answer 6

Natural or man-made disaster, Unusual/rare natural events, Infrastructure failure (Telecommunications, Power)

Question 7

STRIDE model acronym

Answer 7

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Escalation of Privilege

Question 8

DREAD Acronym (Rating Thread Impact)

Answer 8

Damage, Reproducibility, Exploitability, Affected Users, Discoverability

Question 9

Set of points on the boundary of a system, system element, or environment where an attacker can try to enter, cause an effect on, or extract data from

Answer 9

Attack Surface
Relative Attack Surface Quotient (RASQ)

Question 10

How to define Attack Surface (C.P.M.T.L)

Answer 10

Creative, Persistent, Methodical, Technical, Log Analysis

Question 11

How to Validate Attack Surface

Answer 11

Penetration testing, Security Information and Event Management (SEIM) systems

Question 12

Threat Modeling Methodologies (Standards)

Answer 12

ISO/IEC 27005
ISO/IEC 31000
NIST SP 800-30 r1
HTRA