Read the book The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 155
NIST 800-154
NIST 800-154, “Guide to Data-Centric System Threat Modeling,” was released in draft form in 2016. It explicitly rejects the idea that best-practice approaches are sufficient to protect sensitive information, because best practice is too general and often overlooks controls specifically tailored to protecting the sensitive asset. NIST 800-154 establishes four major steps for data-centric system threat modeling:
1. Identify and characterize the system and data of interest.
2. Identify and select the attack vectors to be included in the model.
3. Characterize the security controls for mitigating the attack vectors.
4. Analyze the threat model.
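The four steps can be walked through on a small model. The following is an added example, not taken from the book or from NIST 800-154: the data set, locations, attack vectors, controls, and the 1-5 and 0-1 scoring scales are all constructed assumptions chosen for illustration.

```python
# Step 1: the data of interest, the objective that matters, and where it lives.
# Every name and score in this model is constructed for illustration.
DATA = {"name": "customer PII export", "objective": "confidentiality",
        "locations": ["laptop disk", "usb drive", "email attachment"]}

# Step 2: selected attack vectors as (location, vector, likelihood 1-5, impact 1-5).
VECTORS = [
    ("laptop disk", "device theft", 3, 5),
    ("usb drive", "lost media", 4, 5),
    ("email attachment", "misaddressed mail", 3, 4),
    ("laptop disk", "malware reads file", 2, 5),
]

# Step 3: controls as name -> ({vector: effectiveness 0..1}, cost 1-5).
CONTROLS = {
    "full-disk encryption": ({"device theft": 0.9}, 2),
    "block removable media": ({"lost media": 0.95}, 3),
    "DLP on outbound mail": ({"misaddressed mail": 0.6}, 4),
}

def residual_risk(selected):
    """Step 4a: likelihood * impact left on each vector after the controls."""
    out = {}
    for loc, vec, likelihood, impact in VECTORS:
        remaining = 1.0
        for name in selected:
            remaining *= 1.0 - CONTROLS[name][0].get(vec, 0.0)
        out[(loc, vec)] = round(likelihood * impact * remaining, 2)
    return out

def unmitigated(selected):
    """Step 4b: vectors in the model that no selected control touches."""
    covered = set()
    for name in selected:
        covered |= CONTROLS[name][0].keys()
    return sorted(vec for _, vec, _, _ in VECTORS if vec not in covered)

def rank_controls():
    """Step 4c: order controls by risk reduction per unit of cost."""
    base = sum(residual_risk([]).values())
    gain = {name: (base - sum(residual_risk([name]).values())) / CONTROLS[name][1]
            for name in CONTROLS}
    return sorted(gain, key=gain.get, reverse=True)

if __name__ == "__main__":
    chosen = list(CONTROLS)
    print(DATA["name"], "residual risk:", residual_risk(chosen))
    print("no control covers:", unmitigated(chosen))
    print("best value first:", rank_controls())
```

With all three controls selected, the malware vector against the laptop copy remains at full risk, which is the kind of gap a data-centric model is meant to surface.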