17 lines
543 B
ReStructuredText
17 lines
543 B
ReStructuredText
=======================================
|
|
Objectives for Security Threat Analysis
|
|
=======================================
|
|
|
|
|
|
We assert that after a Threat Analysis we:
|
|
|
|
- Know all entry points into a system
|
|
- Know what assets are at risk
|
|
- Know where data is persisted
|
|
- Understand how data travels between components of the system
|
|
- Understand data formats and transformations
|
|
- Document external dependencies
|
|
- Identified who we are (and are not) protecting against
|
|
- Understand the impact of degrading controls
|
|
- Have a list of agreed defects
|