Risk centric threat modeling : process for attack simulation and threat analysis / Marco M. Morana, Tony Uceda Vélez.

By: Morana, Marco M .

Contributor(s): Uceda Vélez, Tony, 1976-.

Material type: materialTypeLabel

BookPublisher: Hoboken, New Jersey : John Wiley & Sons, Inc., 2015Description: xxv, 664 pages \' 25 cm.Content type: text Media type: unmediated Carrier type: volumeISBN: 9780470500965 (hardback).Subject(s): Data protection

| Computer security

| Management information systems -- Security measures | Computer networks -- Security measures

| Risk assessment

DDC classification: 658.47011

Contents:

Threat modeling overview -- Objectives and benefits of threat modeling -- Existing threat modeling approaches -- Threat modeling within the SDLC -- Threat modeling and risk management -- Intro to PASTA -- Diving deeper into PASTA -- PASTA use case.

Summary: This book describes how to apply application threat modeling as an advanced preventive form of security-- Provided by publisher.

Holdings
Item type	Current library	Call number	Copy number	Status	Date due	Barcode	Item holds
General Lending	MTU Bishopstown Library Lending	658.47011 (Browse shelf(Opens below))	1	Available		00163778

Total holds: 0

Browsing MTU Bishopstown Library shelves, Shelving location: Lending Close shelf browser (Hides shelf browser)

Previous								Next
Previous	658.46 The seven C's of consulting : the definitive guide to the consulting process /	658.46 An introduction to management consultancy /	658.47 Benchmarking : the search for industry best practices that lead to superior performance /	658.47011 Risk centric threat modeling : process for attack simulation and threat analysis /	658.472 Business intelligence : practices, technologies, and management /	658.473 Corporate fraud /	658.478 Managing information systems security /	Next

Enhanced descriptions from Syndetics:

This book introduces the Process for Attack Simulation & Threat Analysis (PASTA) threat modeling methodology. It provides an introduction to various types of application threat modeling and introduces a risk-centric methodology aimed at applying security countermeasures that are commensurate to the possible impact that could be sustained from defined threat models, vulnerabilities, weaknesses, and attack patterns.

This book describes how to apply application threat modeling as an advanced preventive form of security. The authors discuss the methodologies, tools, and case studies of successful application threat modeling techniques. Chapter 1 provides an overview of threat modeling, while Chapter 2 describes the objectives and benefits of threat modeling. Chapter 3 focuses on existing threat modeling approaches, and Chapter 4 discusses integrating threat modeling within the different types of Software Development Lifecycles (SDLCs). Threat modeling and risk management is the focus of Chapter 5. Chapter 6 and Chapter 7 examine Process for Attack Simulation and Threat Analysis (PASTA). Finally, Chapter 8 shows how to use the PASTA risk-centric threat modeling process to analyze the risks of specific threat agents targeting web applications. This chapter focuses specifically on the web application assets that include customer's confidential data and business critical functionality that the web application provides.

* Provides a detailed walkthrough of the PASTA methodology alongside software development activities, normally conducted via a standard SDLC process

* Offers precise steps to take when combating threats to businesses

* Examines real-life data breach incidents and lessons for risk management

Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis is a resource for software developers, architects, technical risk managers, and seasoned security professionals.

Includes bibliographical references (pages 653-656) and index.

This book describes how to apply application threat modeling as an advanced preventive form of security-- Provided by publisher.

Author notes provided by Syndetics

Tony UcedaVélez is CEO at VerSprite, an Atlanta based security services firm assisting global MNCs on various areas of cyber security, secure software development, threat modeling and security risk management. Tony has worked and led teams in the areas of application security, penetration testing, security architecture, and technical risk management for various organizations in Utility, Banking, Government, Retail, Healthcare, and Information Services.

Marco M Morana serves as Senior Vice President-Application Security Architect for CitiGroup, where he is responsible for managing the architecture risk analysis and threat modeling program globally and leads global initiatives to mitigate risks of emerging cyber-threats targeting web applications of institutional clients. Marco has designed and developed business critical security software products for several Fortune 500 companies, and also for NASA.