In this video, I have discussed some questions related to threat modeling, which can be helpful for you while preparing for #cissp #ccsp #cisa #csslp exam #STRIDE
Prabh, I would like to know why this would not be correct sequence. PLEASE PLEASE HELP : Assessment scope Identity exploitable vulnerabilities Identify threat agents & possible attack Prioritize the risks Understand existing counter measure Identity countermeasure to reduce threat
In my opinion, unless you define a threat or a potential attack can take place (eg. fire) you would not be able to identify related vulnerability (electric room, server room, pantry gas/microwave) that can be exploited (to start a fire) so threat is identified first if it is really materialistic then analyze vulnerabilities
I came up the same sequence. If you don't know the vulnerability how can you determine threat agent who can exploit it by following a particular sequence of attack.
Threat agents could be large in numbers, once we have scope assessment why not understand existing vulnerabilities of systems in scope? Wouldn't it be more efficient instead of looking for all the threat agents and attacks?
Hi Prabh, I'm currently studying the Domain 8. While practicing in the CISSP Official Practice Tests, there is a question related to threat modeling program (Question 9), however, I couldn't find nothing related in the Official guide in this domain in particular. How is the approach that I have to take into account regarding threat modeling in Domain 8?
Dear prabh thanks a lot for the video! one doubt regarding the second question. unless we identify vulnerability, how can we identify threat agent and possible attacks? thx in advance
I'm also confused as vulnerabilities give rise to threats and threat agents use exploit that vulnerability introduce .. you first should identify system vulnarebilites then only you will be able to effectively identify all threat agents .
I love this version of coffee.
This session was a stress reliever one.
Amazing once again .
Going through all your cofee shots bhai!
I have my CISSP exam on feb and feel much confident after watching the shots series.
Awesome
Thanks Prabh for helping us break down the questions.
Thank you :) and
Excellent and was very helpful. Would like to more such coffee. 😊
Thank you :)
awesome :)
Great Prabhu...
Excellent video sir
👍
Me too more sessions please
Wouldn't you want to identify vulnerabilities after you identify threats? Thanks
Yes u right but it's more like most framework
Prabh, I would like to know why this would not be correct sequence. PLEASE PLEASE HELP : Assessment scope
Identity exploitable vulnerabilities
Identify threat agents & possible attack
Prioritize the risks
Understand existing counter measure
Identity countermeasure to reduce threat
This is precisely the order I came up with while viewing. I am confused by the answer in the video also.
In my opinion, unless you define a threat or a potential attack can take place (eg. fire) you would not be able to identify related vulnerability (electric room, server room, pantry gas/microwave) that can be exploited (to start a fire) so threat is identified first if it is really materialistic then analyze vulnerabilities
I came up the same sequence. If you don't know the vulnerability how can you determine threat agent who can exploit it by following a particular sequence of attack.
Threat agents could be large in numbers, once we have scope assessment why not understand existing vulnerabilities of systems in scope? Wouldn't it be more efficient instead of looking for all the threat agents and attacks?
Hi Prabh, I'm currently studying the Domain 8. While practicing in the CISSP Official Practice Tests, there is a question related to threat modeling program (Question 9), however, I couldn't find nothing related in the Official guide in this domain in particular. How is the approach that I have to take into account regarding threat modeling in Domain 8?
Excellent Prabh, if possible,
plz give us coffee twice a day.. we're addicted:)
Lol
Dear prabh thanks a lot for the video! one doubt regarding the second question. unless we identify vulnerability, how can we identify threat agent and possible attacks? thx in advance
Threat has no connection with vulnerability
Threat is an action w
I'm also confused as vulnerabilities give rise to threats and threat agents use exploit that vulnerability introduce .. you first should identify system vulnarebilites then only you will be able to effectively identify all threat agents .