[SC-L] differences between Threat Analysis and Threat Modeling
scott hollatz
shollatz at d.umn.edu
Wed Feb 14 17:28:36 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> Hi Ken,
>
> I am currently researching the differences between Threat Analysis and
> Threat Modeling.
>
> I thought your readers on the mailing list may give me a clearer
> distinction.
>
>
>
> How I understand it is that *both* identify security threats, determine
> risk, and create the right countermeasures by analyzing various types of
> documentation about the system and looking for vulnerabilities and/or areas
> of weakness.
>
>
>
> *Threat Analysis* ? is more *informal* way of 'eyeballing' system
> architecture and application design.
> *Threat Modeling* [Microsoft SDL] ? more *formal*, every requirement is
> modeled and scrutinized.
>
> Any additional help you or your readers can provide would be appreciated.
I come from a mathematical modeling background, so my opinion may be
skewed a little, but:
analysis leads to a model which can be used in analysis
- --
scott hollatz net shollatz at d.UMn.eDu
information technology systems and services tel +1 218 726 8851
university of minnesota duluth mn usa fax +1 218 726 7674
--
"Asn aD ta zlAp em uT zt33rg"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (SunOS)
iD8DBQFF040Z4og1WWfEVRsRAvd2AJ9P0pjcpsbgO0SWphxvL2PRTAaEYwCfeo6Z
AqFy9OLNnUbd5DOYRcwKaws=
=RyHS
-----END PGP SIGNATURE-----
More information about the SC-L
mailing list