lecture 3 threat modeling cont. risk...
TRANSCRIPT
![Page 1: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/1.jpg)
Lecture 3
Threat Modeling—Cont.
Risk Assessment
Dr. Lotfi ben Othmane
30 October 2015
![Page 2: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/2.jpg)
Apple deletes over 250 data-mining apps from App Store
by Roshan Mehta and Noorulla Sharief
Stagefright Bug 2.0: A single song could be used to exploit an
Android phone
By Mallikarjun Nuti
Vulnerabilities in the News
2
![Page 3: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/3.jpg)
No attendance score
The new structure for Attendance and Participation score will be
Students will send to the lecturer summaries about a security vulnerability in the
news (10 to 20 lines) + reference
Each summary counts for 5 points out of the 10
The lecturer selects, in every lecture, 2 news to discuss and sends emails to the
selected students (through TUCAN) one day before the class
Selected students will present the news in class and discuss it with colleagues
Students who are selected but do not present their news (e.g., absent) do not
get the mark
New Rules for Participation and
Attendance Score
3
![Page 4: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/4.jpg)
Groups
Group numbers have been communicated via TU emails
Groups who didn‘t recieve their group number are NOT registered to the
labs.
If you think there was an error, contact Lisa by email
4
![Page 5: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/5.jpg)
Lab 1R
Some students got their hands on the solutions of Lab 1
For fairness reasons, we canceled lab 1 entirely and replaced it by
Lab 1R Subjects to Lab 1R are available online
Lab 1R is easier than Lab 1 and therefore, it is doable in a week
Topics of Lab 1R Cross-site scripting
Cross-site request forgery
Lab 1R: Available on Friday, Oct 30th
Due on Sunday, Nov 8th, 23:59 (Few days more than the deadline for Lab 1)
5
![Page 6: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/6.jpg)
Complement for threat modeling
6
![Page 7: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/7.jpg)
Represents the attacks and the countermeasures as a tree
Root node is the goal of the attack
Leaf nodes are attacks
Attack Tree
https://www.schneier.com/attacktrees.pdf
7
![Page 8: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/8.jpg)
Attack surface is the set of entry points to the system
Attack Surface
http://www.acunetix.com/wp-content/uploads/2012/10/web-apps.gif
8
![Page 9: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/9.jpg)
Use of threat library
Apply the threat library to the elements of the attack surface
Examples
1. Session hijacking for Web
2. SQL injection for database
3. Online password cracking for authentication
There is a related paper for reading
Developer-Driven Threat-Modeling
9
![Page 10: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/10.jpg)
What are the classes of existing threat modeling methods?
Why threat modeling approaches are different?
Why analysts produce different set of threats while using the same
method?
Is it possible to develop a threat modeling method that ensures two
analysts produce the same set of threats for the same system?
Open Questions
10
![Page 11: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/11.jpg)
Risk Assessment
11
![Page 12: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/12.jpg)
Client Lawyer
Should I
encrypt the
file
Should I
encrypt the
12
![Page 13: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/13.jpg)
Initially defined in the 17th century, in the context of using
mathematical tools in gambling. It combined the probability of making
profit or sustaining loss with the extent of the profit or the loss.
In the 18th century the concept expanded to the maritime insurance
sector.
The Concept of “Risk”…
From Sokratis K. Katsikas, CrIM14
13
![Page 14: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/14.jpg)
Business-Driven Security
Security is an investment
Bad events have
Likelihood
Impact
14
![Page 15: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/15.jpg)
Vulnerability assessment: Identify existence weaknesses and flaws
and assess their impact
E.g., using security testing tools
Risk assessment: Identify threats to the system and assess their
impact
E.g., using the software architecture
Vulneravility Assessment
vs Risk Assesment
15
![Page 16: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/16.jpg)
Hundreds of different methods
(https://www.enisa.europa.eu/activities/ris
k-management/current-risk/riskmanagement-
inventory/rm-ra-methods)
No universally acceptable set of comparison criteria
Some cover only parts of the process.
Risk Management Methods…
From Sokratis K. Katsikas, CrIM14
16
![Page 17: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/17.jpg)
CRAMM
MAGERIT
EBIOS
ISF Standard of good practice
IT-Grundschutz
MEHARI
OCTAVE
Callio Secura
COBRA
CounterMeasures
Proteus
CORAS
RiskWatch
SBA
Risk Management Methods…
From Sokratis K. Katsikas, CrIM14
17
![Page 18: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/18.jpg)
ISO/IEC 27001:2013
ISO/IEC 27005:2011
ISO 31000:2009
IEC 31010:2009
ISO Guide 73:2009
ISF Standard of Good Practice
BS 7799-3:2006
BSI 100-1
BSI 100-2
BSI 100-3
BSI 100-4
BSI IS Audit guideline
IT-Grundschutz Catalogues
US GAO Guide
NIST SP 800-30
NIST SP 800-39
Risk Management Standards…
From Sokratis K. Katsikas, CrIM14
18
![Page 19: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/19.jpg)
Describe the system
Identify the threats
Identify the vulnerabilities
Analyze the security
controls
Estimate the severities
of threats
Estimate the likelihoods
of threats
Estimate the risk
Recommend security
controls
Risk Assessment
Process
![Page 20: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/20.jpg)
The Concept of Risk - Again
20
![Page 21: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/21.jpg)
Business-Driven Security
21
What are the
risks for
sending the
data
![Page 22: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/22.jpg)
We do not consider the full information system of a company
We focus on specific software that serves customers
… perspective
Software users
Software manager
Software creator/developer
Business-Driven Security
22
![Page 23: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/23.jpg)
Risk sensitivity measures the tolerance for risk exposure of assets
(resource)
What should be done?
Identify the assets list
Identify the security policies for the assets
Assess the criticality of the assets
Risk Sensitivity
23
![Page 24: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/24.jpg)
Risk Sensitivity
This data
cost
nothing?
24
![Page 25: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/25.jpg)
Asset states: at rest, in-transit, in-process
Security controls are:
Technical: enforceable through hardware and/or software
e,.g., access control, session management
Non technical: security policies and operational procedures
e,.g., Non-disclosure agreement
Analysis of Security Controls
25
![Page 26: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/26.jpg)
There are many guidelines for security controls
Security and Privacy Controls for Federal Information Systems and
Organisation (NIST 800-53)
ISO/IEC 27002:2013 Information technology — Security techniques — Code
of practice for information security controls
Use of security principles: least privilege, defense in depth, separation
of duties
Analysis of Security Controls
26
![Page 27: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/27.jpg)
Analysis of Security Controls
Client Lawyer
How do you
protect my
data?
Let me
think….
27
![Page 28: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/28.jpg)
Risk exposure is a function of the likelihood of a threat and the
severity of its impact
Risk estimation method assess risk exposure
Risk exposure is:
Quantitative
Qualitative
Risk Exposure
Severity
Likelihood
High
High Moderate Low
high high Moderate
Moderate high Moderate Low
Low Moderate Low Low
28
![Page 29: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/29.jpg)
Severity of Impact measures the magnitude of the impacts of a threat
Example of evaluation factors are:
Technical: availability, integrity, confidentiality, etc.
Business: financial, legal, operational, safety, privacy, reputation
damage, etc.
Example of scales for reputation damage
0 for no damage
1 for customers are not happy
..
4 for decommissioning the system
5 for closing the company
Severity of Impact
29
![Page 30: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/30.jpg)
Likelihood of threats measures the frequency and possibility that a
given threat occurs (Ambiguous)
Example of evaluation factors Elapsed time
Required expertise
Required knowledge of the system
Window of opportunity
Required equipment and tool
Example of scales for elapsed time: 2 for 1 year, 4 for 1 month, 8 for
few minutes
Likelihood of Threats
30
![Page 31: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/31.jpg)
Play the video
What is the likelihood for “locking the gearstick in a fixed position”? Required equipment: (cheap equipment)
Window of opportunity: (1 day)
Knowledge of the system: (generic knowledge is required)
Specialist expertise: (professional)
Elapsed time: (1 day to implement the attack)
Risk Exposure
31
![Page 32: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/32.jpg)
Attacker capability is the ability to access a system resources to
exercise threats
⇒ The use of means and opportunities depends on attacker
capabilities
Attacker capability likelihood measures how likely potential attacker
could have the given capability
32
Attacker Capabilities and Risk Uncertainty
![Page 33: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/33.jpg)
Attack Potential Uncertainty
Attack potential
(local access, remote access)
Remote update of ECU firmware (27,2) (30,5)
Falsification of speedometer reading (50,10) (30,15)
33
![Page 34: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/34.jpg)
Attacker capabilities are conditions for threats
Denying a capability could mitigate a set of threats
Change of system architecture changes the attacker capabilities
The risk exposure of the system change
Examples:
• Architecture-related: Moving sensitive computation from customer’s devices to
centralized services
• Policy-related: Restricting access to the targeted asset (e.g., database)
Risk mitigation through changing attacker
capabilities
34
![Page 35: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/35.jpg)
Options are
Avoid : Cease the activity related to it
Accept : Ignore it and accept to live with it
Mitigate: Limit the exposure
Implement controls to prevent the threat
Implement controls to limit the impact or likelihood of the threat
Plan a set of controls
Transfer: Agreement that others assume the risk
Examples: contract with insurance and Agreement with customers
Addressing a Risk
35
![Page 36: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/36.jpg)
Affects of controls:
Increase the difficulty of exploit (likelihood)
Reduce the scope of the exploit (impact)
Remediate the related vulnerabilities (likelihood)
Addressing a Risk…
36
![Page 37: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/37.jpg)
Remediation costs
Cost of required hardware and software
Cost of training
Cost of development
Cost of support and management
Residual risk: remaining risk exposure after implementing controls
Addressing a Risk…
37
![Page 38: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/38.jpg)
Risk Assessment template content Brief risk description
Risk owner
Risk rating and justification of the decision
Controls
Risk decision
Risk mitigation template Business justification
Mitigation action
Exception/risk acceptance approval
Other data Risk profile including assets and use policies
Assessment questionnaires
Reporting Risk
38
![Page 39: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/39.jpg)
Structure of risk assessment report Executive summary
Risk profile
Risk finding
Mitigation strategy and plans
Risk finding content Describe the risk of each of the identified weaknesses
OR
Describe the vulnerabilities and tests related to each risk
Assessment method should be part of the report
Reporting a Risk
39
![Page 40: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/40.jpg)
Risk assessment: Identify threats to
the system and assess their impact
Risk assessment includes a set of
activities
Risk exposure is a function of the
likelihood of a threat and the severity
of its impact
Likelihood of threats measures the
frequency and possibility that a given
threat occurs (Ambiguous)
Severity of Impact measures the
magnitude of the impacts of a threat
Recap
Describe the system
Identify the threats
Identify the
vulnerabilities
Analyze the security
controls
Estimate the
severities of threats
Estimate the
likelihoods of threats
Estimate the risk
Recommend security
controls
40
![Page 41: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/41.jpg)
What are the main existing risk assessment methods? Why do we
need many methods?
What are the main factors that should be used for risk estimation?
Can we relate risk assessment and vulnerability assessment ? And
how, if yes?
Open Questions
41
![Page 42: Lecture 3 Threat Modeling Cont. Risk Assessmentblogs.uni-paderborn.de/sse/files/2015/08/SecDev_Lec3_risk.pdf · Organisation (NIST 800-53) ISO/IEC 27002:2013 Information technology](https://reader033.vdocuments.us/reader033/viewer/2022060506/5f1f07a91e545e47231a9f01/html5/thumbnails/42.jpg)
End of the lecture
42