Reports

REVAMPING THREAT MODELING

Improving Cyber Risk Management by integrating real-world threat activity into the risk mitigation process

January 2023

Cyber Risk Management is a preventive activity aiming to reduce an organization vulnerability, reduces harms to the system and increase the risk taken by adversaries in their malicious operation. The problem is that threat assessment in risk management is rarely tied to realworld cyber threat that are effectively accurate in relation with the studied object.

In this article, we explore the utility of threat analysis in the context of cyber risk management, conducting a review of various threat modeling methods. Building on this foundation, we then present our contribution to the field: the integration of cyber threat intelligence into the threat modeling and risk management processes.

What you will learn:

  • State of the Art Threat Modeling Methodologies 
  • What are the four types of Threat Modeling Methodologies? 
  • How to use STIX Open Vocab to improve Persona non Grata?
  • How to use STIX Open Vocab to improve CVSS scoring?
  • How to use MITRE ATT&CK to improve Attack Trees and STRIDE?
  • How to Improve PASTA with STIX Open Vocab, MITRE ATT&CK, MITRE CAPEC and the Cyber Kill Chain?
  • How to Improve PASTA with STIX Open Vocab, Persona non Grata, MITRE ATT&CK, MITRE CAPEC and the Cyber Kill Chain?

CYBER RESILIENCE GROWTH

A Preventive Cyber Security Strategy Guide for SMB in Singapore September 2022

Many SMEs in Singapore place a strong emphasis on commercial priorities. Growing revenue and guaranteeing a positive cash flow are the two biggest concerns of businesses, followed by reducing costs. While you have to block all incoming strikes, attackers have to succeed ones. Then it is equally important to be shield and to be ready to take the next hit. Cyber Resilience is the path where a successful cyber intrusion have little to no impact.

This Guide offers a step by step approach to turn any SMB into a Cyber Resilient organization. You will gain a deep business-oriented knowledge with cybersecurity principles. If you already have a strategy in place, you will also find useful tips and resources to strengthen your Security Posture.

What you will learn:

  • How to plan a cybersecurity strategy?
  • What is the Security Baseline and how to implement it?
  • How to boost Leadership governance?
  • How to Budget Cybersecurity investment?
  • How to comply with Data Privacy & Security requirements?
  • How to get Government Funding (Singapore only)?
  • How to make your path to cyber resilience?
XRATOR | Conquer your risk