January 2023
Intermediate to advanced
214 pages
3h 43m
Chinese
Content preview from 威胁建模:安全设计中的风险识别和规避
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
领导组织的威胁建模 | 187
在前面各章中探讨的其他因素。但是,尽管有多种选择,但必须满足一系列共
同的需求,以便最终得出适当、有用和有代表性的威胁模型。
系统建模
将系统转换为描述性表示的能力,可以根据系统中每个组件的特征和属性
进行操作。
风险识别
遍历系统模型并识别所面临风险的种类以及如何将其实现为漏洞的能力。
风险分类与排名
了解哪种威胁比另一种更严重、为什么更严重以及它们以何种方式影响系
统的正式方法。
跟进
一种方式,确定威胁被解决或缓解,或至少组织认为该威胁风险不高。
知识共享
每一种方法的本质都促进了团队成员和利益相关者之间的交流,其影响超
出了即时安全需求。
结果数据收集
一种反馈机制,用于度量结果数据的质量以及与结果数据的关系。研究结
果的平均重要性。为了最有效地进行教育和规划,最好通过使用总体安全
的设计模式、库和工具来缓解影响的领域和主题。
如果你能够找到或开发适合你的开发团队的方法,那么你已经找到了实现该目
标的方法。归根结底,如果你有有用的发现(适用于你的系统;已被识别、分
类和排名;已经确定了缓解措施),则你的团队正在学习并变得有安全意识,并
且你的系统已得到很好的表示和分析,你可以满足威胁建模的所有需求,并从
威胁模型中受益。
6.5 如何传递“坏消息”
问:我有一个威胁模型和它产生的结果,我如何组织它们进行演示和跟进?如
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.