Overview
Modeling Cyber Risk
- Model Your Infrastructure: is an exercise of listing the machines in use, which would include servers and desktop machines, including their locations relative to firewalls and other network infrastructure.
- Identifying the Attack Surface is the process of Identifying which machines are exposed to attack. Typically this means that the machine is not behind a firewall which could prevent a hacker from connecting to the machine. A machine that is on the attack surface, and hence exposed, is not necessarily a security risk, but may require careful attention to harden its perimeter.
Security Threats - STRIDE
The stride model is a model of cyber security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft.
Managing Cyber Risk
The state of art in cyber security for a corporate network is to build the network under the assumption of a zero trust network.
- Zero Trust Network is a network designed to assume that no machine is safe. That is, even machines that are behind a firewall must be assumed to vulnerable to attack. A zero trust network is designed to such that are machines are hardened against an attack.