Corporate Threat Modeling v2

Post on 12-Nov-2014

description

Presentation by Charl der Walt and Francesco Geremla at the ITWeb Security Summit in 2009. This presentation is about the methodology behind version 2 of SensePost's threat modeling tool, the Corporate Threat Modeller.

transcript

8

Single loss expectancy (SLE) is the value you expect to lose each time a risk occurs. You calculate SLE by using the following formula: SLE = AV x EF

10

Annual loss expectancy (ALE) is the value you expect to lose to a given risk each year. You calculate ALE by using the following formula: ALE = SLE x ARO

19

Microsoft says:

Provides a consistent methodology for objectively identifying and evaluating threats to applications.

Translates technical risk to business impact.

Empowers a business to manage risk.

Creates awareness among teams of security dependencies and assumptions.

21

Step 1: Identify security objectives.

Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps.

Step 2: Create an application overview.

Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4.

Step 3: Decompose your application.

A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats.

Step 4: Identify threats.

Use details from steps 2 and 3 to identify threats relevant to your application scenario and context.

Step 5: Identify vulnerabilities.

Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.

27

Would prefer to use a diagram here

37

Define Locations, Interfaces & Users (Trust Levels), but not “assets”, as organizations are too complex

Create a map showing how Locations, Users and Interfaces relate

Users are restricted to locations

Interfaces are exposed to locations

38

Risks are gleaned from three sources

Analyst Experience

Organizational History

Group Brainstorming

Each Risk has key elements

Likelihood

Impact

Use an iterative process to describe the Risk, apply it to an Interface, then refine as required

A new Risk is added if:

Likelihood or Impact differs

The required defense is likely to differ

39

This creates a Threat Vector

Directly linked:

What Interfaces could this Risk Impact?

Indirectly linked:

What Trust Level is required?

At which location would such Users be found?

40

The Threat Vector therefore becomes a 4-Tuple

Risk, Interface, Location, User

A many-to-many relation means the number of Threat Vectors scales linearly

41

Tests could be any of

Focused Technical Tests

E.g. Penetration Test

Sample Data

Drawn from existing monitoring systems e.g. Incident Logs or previous assessments

Interviews

Conducted with relevant individuals or teams

Policy and procedure reviews

Research

Drawing on external sources

The more tests are conducted the more certainty we have

However, the most ‘efficient’ tests are easily calculated by considering the Weights of all the Threat Vectors impacted
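
The Threat Vector expansion and test ranking described on slides 37 to 41, as an added Python example that is not part of the presentation or of SensePost's tool. The sample Locations, Users, Interfaces, Risks and Tests are constructed, and three things are assumptions: a vector's Weight is Likelihood x Impact on 1-5 scales, a User qualifies when their trust level is at least the one the Risk requires, and each Test gives evidence about the vectors matching one field value.

```python
from collections import namedtuple

Risk = namedtuple("Risk", "name likelihood impact min_trust interfaces")
Vector = namedtuple("Vector", "risk interface location user weight")

# Constructed sample model (not from the presentation).
EXPOSED = {                       # Interface -> Locations it is exposed to
    "web_portal": {"internet", "office"},
    "hr_db": {"office"},
    "admin_console": {"datacentre"},
}
USERS = {                         # User -> (trust level, Locations restricted to)
    "anonymous": (0, {"internet"}),
    "employee": (1, {"office"}),
    "sysadmin": (2, {"office", "datacentre"}),
}
RISKS = [                         # name, likelihood, impact, min_trust, interfaces
    Risk("credential stuffing", 4, 3, 0, {"web_portal"}),
    Risk("bulk data export", 2, 5, 1, {"hr_db", "web_portal"}),
    Risk("config tampering", 1, 5, 2, {"admin_console"}),
]
TESTS = {                         # Test -> (Vector field, value) it covers
    "external penetration test": ("location", "internet"),
    "HR team interviews": ("interface", "hr_db"),
    "incident log review": ("interface", "web_portal"),
}

def threat_vectors():
    """Expand every Risk into its (Risk, Interface, Location, User) tuples."""
    out = []
    for r in RISKS:
        for iface in sorted(r.interfaces):                  # directly linked
            for loc in sorted(EXPOSED[iface]):              # where it is exposed
                for user, (trust, locs) in sorted(USERS.items()):
                    if trust >= r.min_trust and loc in locs:  # indirectly linked
                        out.append(Vector(r.name, iface, loc, user,
                                          r.likelihood * r.impact))  # assumed weight
    return out

def rank_tests(vectors):
    """Order Tests by the summed Weight of the Threat Vectors they touch."""
    scores = {
        test: sum(v.weight for v in vectors if getattr(v, field) == value)
        for test, (field, value) in TESTS.items()
    }
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for test, score in rank_tests(threat_vectors()):
        print(f"{score:3d}  {test}")
```

In this sample the external penetration test ranks last because only one Threat Vector is reachable from the internet Location, while the log review touches every vector on the most exposed Interface.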
