Threat Modeling a SharePoint Application: An exploratory exercise in preventing data breaches and theft
By
Tony Graves SharePoint Developer and Consultant
Threat modeling is about using models to find security problems. Using a model means abstracting away a lot of details to provide a look at a bigger picture, rather than the code itself. You model because it enables you to find issues in things you haven’t built yet, and because it enables you to catch a problem before it starts.
Threat Modeling can be applied to software you’re building or deploying, or software you’re considering acquiring. Building a SharePoint Solution or website is no different. Here is a brief guide on how to build a minimum threshold for your organization in a SharePoint environment.
Not all content holds the same value for an organization. Some content is transitory and will only provide value for a short time, while other content serves as official records, preserving evidence for a transaction or decision making tool such as eDiscovery.
Based on the book, "Threat Modeling: Designing for Security" the only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!
Read more...
http://www.blacksgonegeek.org/publications
Join The Blacks Gone Geek Community
http://www.blacksgonegeek.org/Pages/JointheBlacksGoneGeekCommunity.aspx
No comments:
Post a Comment