Risk
What is good about Assessment
the Microsoft approach to threat modeling?
What is bad about it?
OCTAVE…
 Advantage: ___________
 Disadvantage: ___________
OCTAVE– a brief history
1999 OCTAVE developed by Software Engineering Institute
2003 OCTAVE-S a streamlined version
2007 OCTAVE Allegro
http://www.sei.cmu.edu/reports/07tr012.pdf
OCTAVE Allegro Roadmap
(see reference on previous slide)
Step 1: Establish Risk Mgmt
Criteria
This is concerned with things like …
“organizational drivers”,
“mission”,
“business objectives”
The purpose is to think about later threat ranking
Step 2: Develop an Info Asset
Profile
For a software project we need to
 __________________
 __________________
 ___________________
Step 3: Identify Asset Containers
Where are the assets
 ..stored?
 ..transported?
 ..processed?
Step 4: Identify Areas of Concern
Brainstorm possible threats
Step 5: Identify Threat Scenarios
Build threat trees
A scenario is ___________________________
Step 6: Identify Risks
Step 7: Analyze Risks
Use formula of probability * impact
Step 8: Select Mitigation Approach
An interesting omission from the Microsoft approach
Ranking Example
For a single threat/risk:
There are worksheets to help discover ranges for ranking