




‘Threat Modeling: Designing for Security’ is a highly recommended, up-to-date IT security reference book with 336+ reviews averaging 4.5 stars. Endorsed by cybersecurity expert Bruce Schneier, it offers clear, practical guidance for threat management and is a proven study aid for CISSP and CRISC certifications.
| Best Sellers Rank | 256,651 in Books; 1,134 in Web Administration; 3,036 in Computer Science (Books) |
| Customer reviews | 4.5 out of 5 stars (336) |
| Dimensions | 18.03 x 3.56 x 22.61 cm |
| Edition | 1st |
| ISBN-10 | 1118809998 |
| ISBN-13 | 978-1118809990 |
| Item weight | 1.04 kg |
| Language | English |
| Print length | 624 pages |
| Publication date | 7 Feb. 2014 |
| Publisher | Wiley |
L**A
Great Stuff A Visual Threat Model
This is a great resource on threat modelling. It shows how to threat model in a visual way that can be easily interpreted. It also has links to some playing cards to help identify threats.
M**L
Essential IT Security Reference book
This book comes very well recommended. An essential read / reference for any IT professional who is serious about IT Systems / Services Security processes, modelling and threat management. One of the very few books recommended by Bruce Schneier.
D**O
Good read
A solid methodology that is easily practised.
J**N
Well presented and methodical
An excellent reference for anyone seeking to embed secure by design concepts into their business projects.
E**A
Another good shopping.
It helped me to pass the CISSP & CRISC exams, very clear and a lot of referencing topics. Another good shopping.
J**N
Very good
Very good book containing many important things, in an easy to read fashion.
T**R
Threat modelling 101, must have
One of THE best books on threat modelling I have read.
E**Y
This book was really helpful in getting a first draft produced quickly enough to still be useful.
I'm working on a large programme where, and this isn't unusual across industry, the information security team haven't performed a risk assessment. So to fill in the gaps and to justify the controls-led approach I've had to take I've conducted a threat assessment. This book was really helpful in getting a first draft produced quickly enough to still be useful.
T**G
Too general
E**I
Excellent content, a reference for threat modeling. The quality of the paper and cover is average; it could be better for the price.
C**M
The Bible for Information Security Threat Modeling
I have been an Information Security professional for over 20 years. Threat Modeling has been an elusive goal for a large portion of my career. Having the ability to analyze a proposal, architecture, or existing system is expected from a senior level professional. Unfortunately, too many of us covet the unrealistic ability to quickly perform a thorough, accurate analysis “on the fly”, impressing everyone around us. This is a horrible trait to have, but it is all over the place. The threat modeling approach addresses this problem by providing frameworks that take some of the guesswork out of the equation. Adam Shostack captures the popular methods within this book and touches on some of the pros and cons of each method. In my opinion, Adam places an appropriate amount of focus on the STRIDE threat modeling method, as it is the most well documented approach in the industry. However, he does not slack on explaining alternate methods like LINDDUN and its relationship to data privacy threats. The author also introduces the reader to some of the tools that are on the market or are made available via open source. Most importantly, Adam highlights the importance of working with the various stakeholders within an organization to create a threat model. This cast could include, but is not limited to, project managers, system administrators, database administrators, network engineers, and information security resources, with the point being that threat modeling is not just something that someone with a CISSP can pull out of the air based on sheer brilliance; it’s a product of several subject matter experts. This is the best resource on the market on the subject of security threat modeling.
Court Graham, CISSP, OSCP, CEH, ITIL, PCIP
S**S
It is a must-refer book for those who are doing security architecture.
F**D
The book is darn well structured around the central issue of risk and aims to be exhaustive. The argument is well illustrated and the references are numerous. Not to mention the fact that the author is approachable. I recommend it.