Learn how to do a threat model for enterprise systems following international used standards.
This advanced coaching provides detailed information on threat and risk analysis and on how to build, run, and evaluate a threat model.
- Duration: 2 days
- Level: advanced
Participants
- Product and project managers who need to understand the methodology and output of a threat model
- Security managers who are responsible for performing or understanding the output of a threat model
- System, software, and hardware engineers, developers
Training goals
- Understand in general terms what a threat and risk analysis / threat model is
- Get a deeper look into the four stages of performing a threat model with the STRIDE methodology
- Learn how to create a data flow diagram of a / your own product / service / solution, including trust boundaries
- Learn how to identify threats with the STRIDE methodology
- Get a basic understanding of how to rate / identify risks or threats
- Learn how to elaborate counter- or mitigation measures for each identified threat
- Understand several options for how evaluate your own analysis and how to elaborate fitting action items
Requirements
- General understanding and awareness of IT security
- Knowledge about the system overview, the technologies used, and the communication between these components
Do you have any questions about our trainings?
Feel free to send us a message. We will be more than happy to help you.