论文信息 - Guide to Data-Centric System Threat Modeling

Guide to Data-Centric System Threat Modeling

101 Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a 102 particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This 103 publication examines data-centric system threat modeling, which is threat modeling that is focused on 104 protecting particular types of data within systems. The publication provides information on the basics of 105 data-centric system threat modeling so that organizations can successfully use it as part of their risk 106 management processes. The general methodology provided by the publication is not intended to replace 107 existing methodologies, but rather to define fundamental principles that should be part of any sound data108 centric system threat modeling methodology. 109

Karen A. Scarfone | Murugiah P. Souppaya | K. Scarfone | Murugiah Souppaya

[1] 尚弘島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .

[2] Angela Orebaugh,et al. SP 800-137. Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations , 2011 .

[3] Karen A. Scarfone,et al. The Common Misuse Scoring System (CMSS): Metrics for Software Feature Misuse Vulnerabilities , 2012 .