1
00:00:01,710 --> 00:00:07,710
The diagram you see above shows a more formal approach to the DREAD modeling used in application design.

2
00:00:09,090 --> 00:00:15,320
Potential attack paths are presented on a threat tree. Thanks to this, we can follow the attack from the

3
00:00:15,320 --> 00:00:18,450
beginning to the end and review its consequences.

4
00:00:20,220 --> 00:00:25,560
The example shows that gaining anonymous access to the administrator interface is possible through enabling

5
00:00:25,560 --> 00:00:32,660
remote administration or obtaining the administrator's password.

6
00:00:32,680 --> 00:00:36,650
The diagram helps us classify the threat in accordance with the DREAD model.

7
00:00:39,890 --> 00:00:44,260
After the threat has been assessed, we have to decide how to minimalize it.

8
00:00:45,070 --> 00:00:50,350
We put the threat value on the chart, such as you can see in the slide.

9
00:00:50,520 --> 00:00:57,430
We put the threat value on the y axis and we put the resource value on the x axis.

10
00:00:57,430 --> 00:01:01,140
The chart is very important because it shows the risk acceptance curve.

11
00:01:03,420 --> 00:01:06,420
Every value under the curve represents an acceptable threat.

12
00:01:08,980 --> 00:01:14,200
There's no point in investing money on the prevention of such threats.

13
00:01:14,200 --> 00:01:17,820
This is because either the risk or the resource value is very low.

14
00:01:19,120 --> 00:01:23,980
With the increase of the resource value we approach the curve and eventually cross it.

15
00:01:26,960 --> 00:01:30,330
High resource value places the threat above the curve.

16
00:01:30,330 --> 00:01:37,370
Even if the risk value is relatively low, this requires us to take measures to minimize the risk.

17
00:01:42,250 --> 00:01:44,320
Creating the risk acceptance curve chart

18
00:01:44,320 --> 00:01:52,550
is the last stage of threat modeling. On the chart we place points that represent individual threats.

19
00:01:52,560 --> 00:01:57,570
The chart helps us to decide what we should do next.

20
00:01:57,590 --> 00:02:02,560
The first method we could employ is outsourcing.

21
00:02:02,560 --> 00:02:09,620
This is a very popular solution which consists in transferring the risk onto somebody else.

22
00:02:09,720 --> 00:02:15,390
We're aware of the resource value but also know that the protection will be so costly or so complicated

23
00:02:15,390 --> 00:02:19,200
from the technical side that we're not able to implement it on our own.

24
00:02:21,280 --> 00:02:27,730
In such situations we can hire a web hosting company to manage the database, or instead of managing a

25
00:02:27,730 --> 00:02:34,120
web server independently we can buy a webspace from a hosting company which guarantees the safety of

26
00:02:34,120 --> 00:02:35,070
our content.

27
00:02:38,780 --> 00:02:43,150
The second solution consists of implementing a protective infrastructure.

28
00:02:43,270 --> 00:02:51,220
For example, you could use network auditing software such as an intrusion detection system, IDS, buy an

29
00:02:51,220 --> 00:02:54,200
application firewall to protect the server.

30
00:02:54,310 --> 00:02:59,530
Or you could transfer this server to another subnet and restrict the access to the server by limiting

31
00:02:59,530 --> 00:03:06,740
the possibilities of communication with the subnet. Such strategies usually involve ready-made solutions

32
00:03:06,740 --> 00:03:14,230
created by companies dealing in IT security.

33
00:03:14,260 --> 00:03:18,280
The third option is to create a security policy tailored to our own needs.

34
00:03:19,780 --> 00:03:24,550
Initially it seems to be the most expensive and the most demanding way of increasing the security of

35
00:03:24,550 --> 00:03:25,600
the system.

36
00:03:27,940 --> 00:03:30,930
This is the way I've been trying to persuade you throughout the seminar.

37
00:03:33,470 --> 00:03:40,890
Outsourcing, risk acceptance or ready-made solutions are not the best answers to the problem.

38
00:03:40,940 --> 00:03:49,340
The best way is to implement your own solution adjusted to the specific needs of your own system.

39
00:03:49,430 --> 00:03:55,770
However, if you decide to try outsourcing, I advise you consider a solution that's been very popular recently,

40
00:03:57,060 --> 00:03:58,680
namely cloud computing.

41
00:04:02,840 --> 00:04:09,980
You can move whole applications or systems to the cloud. Contrary to private clouds, public clouds are

42
00:04:09,980 --> 00:04:13,740
in fact computer infrastructures to rent.

43
00:04:13,830 --> 00:04:17,570
You don't have to invest in computers, administrators or programmers.

44
00:04:19,290 --> 00:04:25,360
The solution involves low initial cost because in fact we only lease all of these.

45
00:04:25,430 --> 00:04:28,780
It's an alternative to implementing your own security policy.

46
00:04:31,760 --> 00:04:35,500
We are, however, interested in the security level of such a solution.

47
00:04:38,880 --> 00:04:44,150
The chart you see above presents a comparison of the security levels of different solutions we've discussed.

48
00:04:45,850 --> 00:04:50,940
The first column demonstrates a traditional model in which you manage the infrastructure all by yourself.

49
00:04:52,410 --> 00:04:58,730
The elements of the system you're responsible for in this model are highlighted in yellow. These elements

50
00:04:58,730 --> 00:05:06,940
include physical protection of the server room, operating system configuration, etc.

51
00:05:07,050 --> 00:05:10,470
The last column represents an adjusted model used in the public cloud.

52
00:05:13,490 --> 00:05:19,560
The public cloud is in fact three distinct types of cloud computing.

53
00:05:19,620 --> 00:05:25,320
You can buy a cloud which consists of infrastructure only, that is, computers with pre-installed operating

54
00:05:25,320 --> 00:05:27,070
systems.

55
00:05:27,070 --> 00:05:29,420
What you do with them is completely up to you.

56
00:05:31,590 --> 00:05:38,730
A basic rule is that the company is only responsible for what's provided. In the case of the IaaS cloud

57
00:05:39,450 --> 00:05:45,490
you're responsible for the security of applications, data and the environment in which the users work.

58
00:05:48,730 --> 00:05:54,160
The second type of cloud computing is called Platform as a Service.

59
00:05:54,410 --> 00:05:59,630
In addition to what you get with the IaaS cloud, the cloud comes with an environment for specific

60
00:05:59,630 --> 00:06:00,950
applications.

61
00:06:02,620 --> 00:06:11,080
If we buy a PaaS cloud we're not responsible for the security of that environment. Software as a Service

62
00:06:11,080 --> 00:06:15,470
is another type of cloud computing.

63
00:06:15,480 --> 00:06:20,910
This means that we buy a complex service solution and we are not responsible for any additional details.

64
00:06:22,840 --> 00:06:26,590
Google Docs is an example of a SaaS cloud.

65
00:06:26,830 --> 00:06:31,990
If we choose the SaaS cloud we completely transfer the responsibility for the security to the provider

66
00:06:31,990 --> 00:06:34,960
of the service.

67
00:06:35,140 --> 00:06:38,380
The SaaS cloud, however, is rarely used in companies.

68
00:06:42,380 --> 00:06:43,190
In this module

69
00:06:43,190 --> 00:06:46,860
we've discussed how to assess threat risk.

70
00:06:46,870 --> 00:06:49,010
We've tried to answer the question:

71
00:06:49,210 --> 00:06:55,610
When do you have to take action to counter previously identified risk?

72
00:06:55,630 --> 00:06:58,820
I've given you three possible solutions to the problem.

73
00:06:58,900 --> 00:07:03,050
Ignoring the risk was not included.

74
00:07:03,160 --> 00:07:09,820
We can transfer the responsibility to someone else, implement our own solution or create a security policy

75
00:07:09,820 --> 00:07:11,480
tailored to our own needs.

76
00:07:12,890 --> 00:07:14,220
Thank you for your attention.