This week, we’ll examine the threat modeling approach as required for a correct execution of a penetration test. The PTES standard focuses on two key elements of traditional threat modeling – assets and attacker. Each one is respectively broken down into business assets and business processes and the threat communities and their capabilities.
For the PTES assignment this week, create a sample threat modeling profile for a pen test that you would like to conduct for a hypothetical or real world client.
At a minimum, include the following:
- Business Asset Analysis
- Business Process Analysis
- Threat Agents/Community Analysis
- Threat Capability Analysis
http://www.pentest-standard.org/index.php/Threat_Modeling
Rubic:1.Demonstrates a sophisticated understanding of the topic(s) and issue(s)
| 2.Makes appropriate and powerful connections between the issues identified and the strategic concepts studied in the reading 3.Presents detailed, realistic, and appropriate recommendations clearly supported by the information presented and concepts from the reading |
4.Use and Quality of References:All are reliable authorities
