[SC-L] differences between Threat Analysis and Threat Modeling
Jason Grembi
jgrembi at gmail.com
Wed Feb 14 16:11:33 EST 2007
Hi Ken,
I am currently researching the differences between Threat Analysis and
Threat Modeling.
I thought your readers on the mailing list may give me a clearer
distinction.
How I understand it is that *both* identify security threats, determine
risk, and create the right countermeasures by analyzing various types of
documentation about the system and looking for vulnerabilities and/or areas
of weakness.
*Threat Analysis* – is more *informal* way of 'eyeballing' system
architecture and application design.
*Threat Modeling* [Microsoft SDL] – more *formal*, every requirement is
modeled and scrutinized.
Any additional help you or your readers can provide would be appreciated.
Thanks
Jason Grembi
Web Developer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20070214/c2a37207/attachment.html
More information about the SC-L
mailing list