mailing list archives
RE: Threat Modeling
From: aporia () tiscali co uk
Date: Thu, 20 May 2004 17:21:54 +0100
I've been looking for a free set of threat models, too - no luck, though
- would be interested to know if you are successful.
_However_ I can recommend a software product called CRAMM. I don't know
if you've used it, but basically it's a tool developed by HMG in Cheltenham.
The great thing about it, and the reason it costs 4,000 GBP is that it
contains a database of over 3000 threats, vulnerabilities and countermeasures.
It also follows a specific methodology (Crown Copyright), and is aligned
Unfortunately, the cost is a significant barrier to using it. What about
just buying the BS7799 (about 150 GBP) and ISO TR 13335: Guidelines for
Management of IT Security (GMIT)? A reasonable starter pack. This isn't
fee either, unfortunately. But it is American.
Ian Ristic [ivanr () webkreator com]
Any links to any free threat modeling tools out there ?
Does anyone know what happened to the threat modeling tool
Microsoft announced in late 2003?
[ Open source IDS for Web applications ]
Broadband from an unbeatable £15.99!