Prepared for Crash Override

Be Prepared for Crash Override with ThreatModeler

The susceptibility of electrical grids around the world came into sharp focus on June 8 as the hacker group known as Electrum used a malware bundle dubbed CRASH OVERRIDE to disrupt power distribution in Kiev, Ukraine. The many similarities of electrical grids across the world, coupled with the malware’s modular framework, had leaders and electrical[…]

Implement Enterprise DevSecOps

How to Implement Enterprise DevSecOps

Enterprise DevSecOps is the union of Agile development, security, and operations. Organizations have experienced some notable success in integrating two of the three pillars of long-term competitive advantage and strategy, alternately benefitting from DevSec, SecOps, and DevOps with each of their hybrid emphasis. However, the real benefit to organization’s bottom line and market advantage is[…]

DevSecOps is Security at Scale

Enterprise DevSecOps is Security at Scale

Enterprise DevSecOps comes from enterprise threat modeling across the comprehensive attack surface. Both seek to infuse security’s perspective end-to-end throughout the enterprise DevOps environment. In our previous article on implementing DevSecOps through rolling out an enterprise threat modeling process, we examined the intersection of SecDev’s focus on end-to-end security and SecOps’ focus on processes and[…]

cyber-physical system

Cyber-Physical System Threat Modeling

The rapid expansion of cloud computing capabilities and the Internet of Things has resulted in tremendous advances in cyber-physical systems. A cyber-physical system, or CPS, connects the virtual world with the physical world, allowing greater mobility and freedom for individuals who require interfacing with intelligent devices. For the May Threat Model of the Month, we[…]