About this course
Introduction:
Threat modeling serves to identify threats and preventive measures for a system or application. However, threat modeling is one security methodology that has not matched the general rate of cloud adoption, due to a gap in guidance, expertise, and applicability of the practice. Threat modeling for cloud systems expands on standard threat modeling to account for unique cloud services. It allows organizations to further security discussions and assess their security controls and mitigation decisions.
Objectives:
The purpose of this course is to enable and encourage threat modeling for cloud applications, services, and security decisions. To that end, this resource provides crucial guidance to help identify threat modeling security objectives, set the scope of assessments, decompose systems/ applications, identify and rate threats, identify vulnerabilities in the system design, develop and prioritize mitigations and controls, and communicate/report a call-to-action.
Course Outlines:
§ Introduction
§ Purpose
§ Core threat modeling
§ Cloud/ Non- Cloud Threat modeling
§ Products
§ Process
§ Scope of Assessment
§ System & Application of Decomposition
§ Identify & rate threats
§ Identify weaknesses & gaps
§ Periodic Revaluation
§ Creating a cloud threat model
§ Conclusion
Who should attend?
§ Students
§ IT Professionals
Learning Outcomes:
§ Threat modeling is beneficial for cloud services, applications, and systems. It enables cloud adoption, selection of the most secure consumption, service and multi-tenancy models, and critical cloud threats mitigation.
§ Cloud threat modeling is not conducted differently when compared with standard (on-prem) threat modeling, but it requires unique knowledge and extensive use of industry references and resources, along with many cloud-unique considerations (discussed in this publication).
§ Organizations are encouraged to start cloud threat modeling today
.png)
