Читать книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Страница 30

Penetration testing typically involves an exercise known as threat modeling. Threat modeling refers to the act of documenting company assets and then defining the types of attacks or threats against those assets. The threats are then assigned a likelihood (the chances the attack will happen) and impact (how serious the result of the attack if successful) so that the threats can be prioritized. Based on the priority of the threats, security professionals put security controls in place to prevent those threats from occurring or to minimize the impact.

Graphic designed and created by Brendon Clarke.

FIGURE 1-1: The adversary tier.