Date Published: March 2016
Comments Due:
Email Questions to:
Author(s)
Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)
Announcement
NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides information on the basics of data-centric system threat modeling so that organizations can use it as part of their risk management processes instead of relying solely on conventional "best practice" recommendations.
Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This publication examines data-centric system threat modeling, which is threat modeling that is focused on protecting particular types of data within systems. The publication provides information on the basics of data-centric system threat modeling so that organizations can successfully use it as part of their risk management processes. The general methodology provided by the publication is not intended to replace existing methodologies, but rather to define fundamental principles that should be part of any sound data-centric system threat modeling methodology.
Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This publication examines data-centric system threat modeling, which is threat modeling that...
See full abstract
Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment. This publication examines data-centric system threat modeling, which is threat modeling that is focused on protecting particular types of data within systems. The publication provides information on the basics of data-centric system threat modeling so that organizations can successfully use it as part of their risk management processes. The general methodology provided by the publication is not intended to replace existing methodologies, but rather to define fundamental principles that should be part of any sound data-centric system threat modeling methodology.
Hide full abstract
Keywords
information security; risk assessment; risk management; threat modeling; threats; data security; vulnerabilities
Control Families
Assessment, Authorization and Monitoring; Program Management; Risk Assessment
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
