7.2. Identify Key Classes of Components
In this activity you look at critical assets and threats from phase 1 in relation to your computing infrastructure. You examine network access paths (how information or services can be accessed via your organization's network) in the context of threat scenarios to identify the important classes of components for your critical assets.
You focus on the threat tree for human actors using network access, because that tree defines the range of scenarios that threaten the critical asset due to deliberate exploitation of technology vulnerabilities by people. Thus, this activity is limited to identifying information technology components that could be used as part of network attacks against critical assets. Figure ...
Get Managing Information Security Risks: The OCTAVESM Approach now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.