Step One: Threat Assessment.
Threat modeling is the process that improves software and network security by identifying and rating the potential threats and vulnerabilities.
By using the DREAD threat rating system, we can accurately and easily rate each potential threat.
(DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED USERS + DISCOVERABILITY)
Step Two: A Security Assessment
Utilizing 20 Key areas of adoption for CIS Critical Security Controls covering areas like:
-Inventory of Authorized and Unauthorized Devices and Software
-Secure Configurations for Hardware and Software, Maintenance, Monitoring, and Analysis of Audit Logs.
-Malware Defenses, Secure Configurations for Network Devices, Boundary Defense