Blog – enclavedefense.com

STRIDE “Threat” Model: Outdated and Confusing (ft. Formula 1)

In 1999, the Microsoft Security Task Force introduced the STRIDE "threat" model as a means of identifying threats to Microsoft products during the design phase. STRIDE is an acronym that represents six “threat” categories. STRIDE Acronym from The Threats to our Products According to the paper that introduced the STRIDE model, “The Threats to our Products”, the intent of these six threat categories is to help identify vulnerabilities and then take measures to close security gaps. This intent is good and there is no doubt that the tool was a net positive for many years as it helped software developers…

0 Comments

July 21, 2022

Read more about the article STRIDE “Threat” Model: Outdated and Confusing (ft. Formula 1)

Ransomware Targeting of ICS Sectors Highlights Risk Assessment Nuance (ft. Dragos + Conti)

For ransomware attackers, as with all malicious cyber threat actors, a target's vulnerabilities are a critical means, not the end.

0 Comments

April 14, 2022

Read more about the article Ransomware Targeting of ICS Sectors Highlights Risk Assessment Nuance (ft. Dragos + Conti)

Compliance / Critical Infrastructure / I.C.S. / Rail / Risk / Transportation

TSA’s Security Directive on Enhancing Passenger Rail Cybersecurity Doesn’t Apply to Your Transit Agency — But Should it?

The validity of TSA's determination of "higher risk" passenger rail systems is only as strong as the apparent assumption that a given threat is targeting small and large systems alike to disrupt the entirety of one of the eight urban areas selected.

0 Comments

March 29, 2022