You are conducting threat modeling based on the Microsoft approach. Which of the following stages will you apply the categorized threat list, STRIDE? (Wentz QOTD)
A. Identify threats
B. Document & validate
C. Diagram application architecture
D. Identify, prioritize & implement controls
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is __.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Reference
您正在根據 Microsoft 的方法進行威脅建模。 您將在以下哪個階段應用分類威脅列表 STRIDE? (Wentz QOTD)
A. 識別威脅
B. 記錄和驗證
C. 圖表應用架構
D. 識別、優先排序和實施控制