January 2023
Intermediate to advanced
214 pages
3h 43m
Chinese
Content preview from 威胁建模:安全设计中的风险识别和规避
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
181
第 6 章
领导组织的威胁建模
你不能让别人听你的。你无法让他们执行。这可能是一个简单任务的临时解决
方案。但是要实施真正的变革,促使人们去完成真正复杂、困难或危险的事情,
就不能让人们去做那些事情。你必须领导他们。
—
Jocko Willink
在本章中,我们提供了常见问题的答案,以及在前几章中没有涉及的方法和角
度。我们使用问答方式来解决每天遇到的问题。这些问题来自各个方面:与
我们合作的开发团队、我们的直接管理层或他们的团队,同行,有时是我们自
己。我们希望他们能让你更加了解威胁建模者、安全从业者和变革领导者的
意义。
6.1 如何通过威胁建模获得领导地位
问:我们团队的领导层并不完全认同威胁建模的价值。他们看不到拥有这种能
力的好处,也看不到为建设这种能力而进行必要的投资的好处。作为安全倡导
者或专家,我能做些什么来获得他们的认可?
答:提醒他们如果不这样做会发生什么。领导层可能不了解威胁建模对系统安
全或质量的影响。
你可以尝试使用两个不依赖于“专家说我们应该”的主要论点(这个论点更倾
向于将额外的钱花在顾问身上,而不是获得价值)。试着告诉你的领导如下内容:
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.