Information Security Risk Assessments


▪ Applying three pillars of Information Security: Confidentiality, Integrity, Availability
▪ Applying OWASP best patterns and practices
▪ Utilizing Threat Modeling Process and Platforms
▪▪ Identifying assets
▪▪ Creating an architecture overview
▪▪ Decomposing an application
▪▪ Identifying the threats
▪▪▪ Using categorized threat lists
▪▪▪ Using STRIDE to identify threats
▪▪ Documenting the threats
▪▪ Rating the threats (translating prioritized security risks into business impact and advising on how to fix potential vulnerabilities)
▪▪▪ Using Security Risk (Probability and Impact) assessments of IT architecture and infrastructure
▪▪▪ Using the DREAD model
▪ Utilizing Burp Professional Edition, SiteMinder SSO, Anti-Money Laundering (AML) Software, etc.
▪ Integrating the following algorithms and protocols:

AES/3DES/DES/ECC/DSA/RSA/PGP
Merkle Tree
Data Protection
Secure Data Transport
Kerberos network authentication protocol
Authentication
Authorization
Auditing
Application Security
RBAC
Cloud IAM
SSL/TLS
PKI
X.509
IPSec
IPv4, IPv6
SSH
AD (Active Directory)
LDAP
SAML


Written by Administrator
