Enterprise Risk - Information Technology
Overview
Modeling Cyber Risk
- Model Your Infrastructure is the exercise of listing the machines in use, including servers and desktop machines, together with their locations relative to firewalls and other network infrastructure.
- Identifying the Attack Surface is the process of identifying which machines are exposed to attack. Typically this means that the machine is not behind a firewall which could prevent a hacker from connecting to the machine. A machine that is on the attack surface, and hence exposed, is not necessarily a security risk, but may require careful attention to harden its perimeter.
- Zero Trust Network is a network designed to assume that no machine is safe. That is, even machines that are behind a firewall must be assumed to be vulnerable to attack. A zero trust network is designed such that all machines are hardened against an attack.
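The three steps above can be worked through on a small inventory. The following is an added example, not part of the original page: the machine names, zones, ports, firewall rules and the `hardened` flag are all constructed for illustration.

```python
from collections import deque

# Constructed inventory: machine -> zone, listening ports, hardening status.
INVENTORY = {
    "web-01":  {"zone": "dmz",      "ports": {443},    "hardened": True},
    "mail-01": {"zone": "dmz",      "ports": {22, 25}, "hardened": False},
    "db-01":   {"zone": "internal", "ports": {5432},   "hardened": False},
    "desk-17": {"zone": "office",   "ports": {3389},   "hardened": False},
}
# Constructed firewall policy: (source zone, destination zone) -> ports let through.
FIREWALL = {("internet", "dmz"): {25, 443}, ("dmz", "internal"): {5432}}

def exposed_from(zone, inventory, firewall):
    """Machines with a listening port that `zone` is able to connect to."""
    found = {}
    for name, m in inventory.items():
        # Traffic inside one zone does not cross a firewall, so nothing filters it.
        same_zone = m["zone"] == zone
        allowed = m["ports"] if same_zone else firewall.get((zone, m["zone"]), set())
        open_ports = m["ports"] & allowed
        if open_ports:
            found[name] = open_ports
    return found

def attack_surface(inventory, firewall):
    """Step 2: machines directly connectable from the internet."""
    return exposed_from("internet", inventory, firewall)

def indirect_exposure(inventory, firewall):
    """Machines behind a firewall that are reachable via an exposed machine."""
    direct = attack_surface(inventory, firewall)
    seen, queue = set(direct), deque(direct)
    while queue:
        zone = inventory[queue.popleft()]["zone"]
        for name in exposed_from(zone, inventory, firewall):
            if name not in seen:
                seen.add(name)
                queue.append(name)
    return seen - set(direct)

def zero_trust_gaps(inventory):
    """Step 3: under zero trust every unhardened machine counts, firewall or not."""
    return sorted(n for n, m in inventory.items() if not m["hardened"])

if __name__ == "__main__":
    print("attack surface:", attack_surface(INVENTORY, FIREWALL))
    print("indirectly exposed:", indirect_exposure(INVENTORY, FIREWALL))
    print("zero trust gaps:", zero_trust_gaps(INVENTORY))
```

In this inventory `db-01` is not on the attack surface, yet it appears in both the indirect exposure and the zero trust gap lists, which is the case the zero trust assumption is meant to cover.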
Security Threats - STRIDE
The STRIDE model is a model of cyber security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft.