Читать книгу CompTIA PenTest+ Certification For Dummies - Glen E. Clarke - Страница 30

Threat modeling

Оглавление

Penetration testing typically involves an exercise known as threat modeling. Threat modeling refers to the act of documenting company assets and then defining the types of attacks or threats against those assets. The threats are then assigned a likelihood (the chances the attack will happen) and impact (how serious the result of the attack if successful) so that the threats can be prioritized. Based on the priority of the threats, security professionals put security controls in place to prevent those threats from occurring or to minimize the impact.

CompTIA PenTest+ Certification For Dummies

Подняться наверх