Question 1
1.Write two pages about each of the following list (Open-source Risk Management tools)
2. Download Microsoft Threat modeling (provided with this folder)
Then write to explain why do we need the Microsoft Threat modeling, how to use it
Give a complete example (2 application as distributed below) ; your end results are the list and description of risk found .
Note: Please make sure you follow the document throughly where first question consists of 2 pages and second question consists of 20 pages.
Question 2
We use many different types of risk management methodologies and tools. A part of the process involves identifying the threats to our system, generally by attackers who would harm our systems and data (assets). I’ve included a project that walks you through a simple threat modeling exercise, using STRIDE, which you will apply using a scenario, to understand the basic process.
1. Read the threat modeling article using STRIDE and complete a threat model and risk management plan
2. Create a report for your “boss” identifying the threats to your systems/assets in the scenario, who the attackers are, how they will attack (using STRIDE), and will make recommendations for security controls (use your textbook, too).