CISSP® Official Study Guide, Eighth Edition


Performing Reduction Analysis



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Performing Reduction Analysis
The next step in threat modeling is to perform reduction analysis. Reduction analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product as well as its interactions with external elements. Whether an application, a system, or an entire environment, it needs to be divided into smaller containers or compartments. Those might be subroutines, modules, or objects if you’re focusing on software, computers, or operating systems; they might be protocols if you’re focusing on systems or networks; or they might be departments, tasks, and networks if you’re focusing on an entire business infrastructure. Each identified sub-element should be evaluated in order to understand inputs, processing, security, data management, storage, and outputs.


In the decomposition process, you must identify five key concepts:

Trust Boundaries: Any location where the level of trust or security changes

Data Flow Paths: The movement of data between locations

Input Points: Locations where external input is received

Privileged Operations: Any activity that requires greater privileges than those of a standard user account or process, typically required to make system changes or alter security

Details about Security Stance and Approach: The declaration of the security policy, security foundations, and security assumptions
Breaking down a system into its constituent parts makes it much easier to identify the essential components of each element as well as take notice of vulnerabilities and points of attack. The more you understand exactly how a program, system, or environment operates, the easier it is to identify threats to it.
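
The following is an added example, not part of the study guide: it records a constructed web application as elements, trust levels and data flow paths, then derives the trust boundaries, input points and privileged operations from that model. The element names, the numeric trust levels and the `review_first` ordering (privileged operations whose caller is reachable from external input) are assumptions made for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):       # one data flow path between two elements
    src: str
    dst: str
    data: str
    privileged: bool = False  # needs more than standard-user privileges

# Constructed sample model (hypothetical web application, not from the book).
# Trust level per element: 0 = untrusted, a higher number = more trusted zone.
TRUST = {"browser": 0, "web_app": 1, "admin_api": 2, "database": 2, "backup_job": 2}
EXTERNAL = {"browser"}        # elements outside the system being modeled
FLOWS = [
    Flow("browser", "web_app", "login form"),
    Flow("web_app", "database", "SQL query"),
    Flow("web_app", "admin_api", "change user role", privileged=True),
    Flow("admin_api", "database", "schema update", privileged=True),
    Flow("backup_job", "database", "restore", privileged=True),
]

def reachable_from_external(external, flows):
    """Elements that external input can reach by following data flow paths."""
    seen, frontier = set(external), list(external)
    while frontier:
        cur = frontier.pop()
        for f in flows:
            if f.src == cur and f.dst not in seen:
                seen.add(f.dst)
                frontier.append(f.dst)
    return seen

def decompose(trust, external, flows):
    """Derive four of the five decomposition concepts from the model."""
    exposed = reachable_from_external(external, flows)
    return {
        # a flow whose endpoints sit at different trust levels crosses a boundary
        "trust_boundaries": [(f.src, f.dst) for f in flows
                             if trust[f.src] != trust[f.dst]],
        "input_points": sorted({f.dst for f in flows if f.src in external}),
        "privileged_operations": [f.data for f in flows if f.privileged],
        # privileged operations whose caller is reachable from external input
        "review_first": [f.data for f in flows if f.privileged and f.src in exposed],
    }

if __name__ == "__main__":
    for concept, items in decompose(TRUST, EXTERNAL, FLOWS).items():
        print(f"{concept}: {items}")
```

The fifth concept, the security stance and approach, is a documented policy statement and is recorded alongside such a model, not derived from it.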
