Threat Modeling Training
... > Training Courses > Threat Modeling Training
Threat Modeling Training
In an ever-changing threat landscape and with continuous IT development, it is important to ensure focus and efficiency by doing the most important security assessments on the right targets.
However, what are these and how can you determine where the focus should be? Read more about the 1-day threat modeling training course.
Threat modeling can be very useful to stay in control of security, while still retaining the flexibility to improve and change. Within this course our experts teach you how to do threat modeling according to the STRIDE methodology to support answering these questions. This works both for existing systems and when designing new infrastructure/applications and will provide you with a broad picture of the threats/potential risks and optimizes your focus in security testing.
One of the first steps during the process is the mapping of communication flows and trust boundaries. This can be used as a basis for the threat modeling session to identify the threats that are applicable to the application.
Why should you attend?
- Find problems when there's time to fix them
- Identify the issues with the most risk first
- Address Security Development Life cycle (SDL) requirements
- Deliver more secure products
- Save costs
This training is suitable for:
- Information Security Officers
- Network Administrators
- Software engineers
- Policy makers
- IT architects
Certain processes are so essential to society that failure or disruption would lead to serious social disruption and poses a threat to the national security. These processes form a country vital infrastructure. Electricity, water supply, payment industry, electronic communication and certain high tech companies are examples of vital processes.
This threat modeling course is specifically aimed at personnel of organizations that work in these vital processes. Due to the fast changing landscape and the ever increasing digital security risks, Secura feels that threat modeling can be very useful to stay in control of security, while still retaining the flexibility to improve and change. Therefore, this course is specifically aimed to train personnel working in these sectors.
Required Skills & Expertise
This course is aimed at both people with a technical background as well as policy makers. Understanding of basic data flow diagrams and security concepts is required. No existing knowledge of threat modeling is required during the training course.
- Understand when and how to do threat modeling
- Learn about the four step threat modeling process that can be used to structurally perform threat modeling (creating a diagram, identifying the threats, mitigating and validating the threats).
- Learn how to create complete, validated Data Flow Diagrams (DFD’s) that can be used as a basis for the threat modeling session (for an example, see the appendix).
- Learn how to use a threat modeling session to identify the threats that are applicable to the web application, mobile application, infrastructure or other component that is being threat modelled. The attendees will be introduced to different ways to identify threats, such as STRIDE, attack trees and attack libraries. The course will focus on identifying threats using STRIDE. For an example of an attack tree, see the appendix.
- Learn how to structurally address the identified threats, to mitigate the threats that have been identified in the previous step
- Learn to validate the implemented mitigation, to make sure the implemented mitigation solves the threat completely and does not introduce any new threats.
- Learn how to implement threat modeling within the existing development process such as the Microsoft Security Development Lifecycle.
- Learn how to lead and organise efficient threat modeling sessions, to make sure the threat modeling session gets the wanted results.
Are you interested in hosting this interactive and tailored training at your company? Please fill out the form below and we will contact you within one business day.
Secura is a leading cybersecurity expert. Our customers range from government and healthcare to finance and industry worldwide. Secura offers technical services, such as vulnerability assessments, penetration testing and red teaming. We also provide certification for IoT and industrial environments, as well as audits, forensic services and awareness training. Our goal is to raise your cyber resilience.
Secura is a Bureau Veritas company. Bureau Veritas (BV) is a publicly listed company specialized in testing, inspection and certification. BV was founded in 1828, has over 80.000 employees and is active in 140 countries. Secura is the cornerstone of the cybersecurity strategy of Bureau Veritas.