Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Threat Modeling Gameplay with EoP
  • Table Of Contents Toc
  • Feedback & Rating feedback
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

By : Brett Crawley
4.9 (7)
close
close
Threat Modeling Gameplay with EoP

Threat Modeling Gameplay with EoP

4.9 (7)
By: Brett Crawley

Overview of this book

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay. Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems. By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.
Table of Contents (18 chapters)
close
close
13
Glossary
14
Further Reading
15
Licenses for third party content

The importance of repudiation and its role in security

Your logging subsystem may be crucial in giving you early indicators of compromise. By using anomaly detection, you can trigger alerts when something unusual is taking place that needs investigation. By feeding all of your logs into a central log server or a Security Information and Event Management (SIEM) system, you can configure rules that will trigger these alerts when certain conditions hold true. In the event of a security incident, log information can be of the utmost importance because it can help you determine what happened, how it happened, when it happened, and what was affected. The benefits of this are as follows:

  • It will allow you to perform a root-cause analysis
  • It will help you remediate the cause to reduce the risk that it will happen again in the future
  • It may be a requirement that you inform anyone affected by the incident
  • Logs may be needed as evidence if this was malicious activity
...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY