
multif.actor

A reference book of quotes and ideas.

    May 9, 2023 ∞

    risk management

    “What are my top risks? How can I mitigate them?”

    James Clear, 3-2-1: Eliminating Tasks, Optimizing for Your Interests, and Sharing Knowledge

    Apr 19, 2023 ∞

    evaluating threat modeling diagrams

    “Can we tell a story without changing the diagram? Can we tell that story without using words such as “sometimes” or “also”? Can we look at the diagram and see exactly where the software will make a security decision? Does the diagram show all the trust boundaries, such as where different accounts interact? Do you cover all UIDs, all application roles, and all network interfaces? Does the diagram reflect the current or planned reality of the software? Can we see where all the data goes and who uses it? Do we see the processes that move data from one data store to another?”

    Adam Shostack, Threat Modeling

    Apr 14, 2023 ∞

    CISA publishes “secure by design” principles

    The PDF is here.
