Conceptual Frameworks

This course provides an overview of several security frameworks used to assist in threat modeling.

6 videos  //  47 minutes of training


Course description

In this course, you’ll look at four public-domain conceptual security threat and weakness frameworks that can greatly assist the threat modeling activity. Each framework has its own strengths and weaknesses. All frameworks provide proposed mitigations that a threat modeler can use as part of the threat model analysis.

Course syllabus

STRIDE - Duration: 14:50

This video provides a description of the simplicity and utility of the STRIDE mnemonic for quick threat analysis.

OWASP Top 10 (OT10) - Duration: 14:05

What is OT10 and how can it be used?

CWE (MITRE) - Duration: 8:15

What is the Common Weakness Enumeration and how can it be used?

Attack Kill Chain ATT&CK (MITRE) - Duration: 4:52

This video explores how to map the simple Attack Kill-Chain to the more complex ATT&CK framework.

STRIDE to OWASP-Top-10 Mapping (Lab) - Duration: 3:18

In this video, you'll explore mapping STRIDE to OT10 to understand the granularity of attack patterns.

STRIDE to CWE Mapping (Lab) - Duration: 2:07

In this video, you'll explore mapping STRIDE to CWE to understand the granularity of attack patterns.

Meet the author

Geoffrey Hill

Geoffrey Hill has been in the IT industry since 1990, when he wrote and sold C++-based solutions to measure risk in the commodities markets in New York City. Since then he has worked around the world, specifically in New York, Sydney, Tokyo, Emmerich-am-Rhein and London.

In the mid-2000s, he was the main custodian of the Microsoft Security Development Lifecycle (SDL) initiative in the UK and then in the international services organization as part of the Microsoft Security Center of Excellence (SCOE). From 2013 to 2018, he worked as the sole application security architect for Visa Europe in London, where he started Tutamantic Ltd, a producer of software risk automation. Geoff is the inventor of the Rapid Threat Model Prototyping (RTMP) methodology, which allows for quick threat modeling in Agile and DevOps environments.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

  • IDC MarketScape Leader: U.S. IT Training (Infosec Skills)
  • eLearning Content (Infosec Skills)
  • Best Product - Cybersecurity Training for Infosec Professionals (Infosec Skills)
  • Security Education & Platform (Infosec Skills)
  • Ranked #52 in Top 100 Global Software Sellers (Infosec)