Threat Modeling for Critical Infrastructure

Threat Modeling for Critical Infrastructure

It’s not surprising that we have to protect our critical infrastructure from cyberattacks. What might be a surprise is what all constitutes critical infrastructure. There are actually 16 sectors where the United States government has set up critical infrastructure...
Cybersecurity Tool Bloat—Yeah it’s a Thing

Cybersecurity Tool Bloat—Yeah it’s a Thing

Listen to any cybersecurity tool vendor and they’ll try to convince you of two things. You need their type of product for protection and theirs is the best of breed. And most of them can be very persuasive. The result? Lots of unused (and often unneeded) security...
Threat Modeling is not the Same as Threat Mapping

Threat Modeling is not the Same as Threat Mapping

There’s a belief in the security community that if you’re doing threat mapping, you don’t need to do threat modeling. The idea is that threat mapping is just as good as, or at least takes the place of, threat modeling. It’s true they are both a formalized way to...