• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

Threat Classification Evolution

Page history last edited by Robert Auger 14 years, 3 months ago

The Threat Classification's Evolution

 

The original scope of the Threat Classification version 2 was to add items missing from the first version, as well as update sections requiring a refresh. As additional items were added it was discovered that the scope, use cases, and purpose of the original document was not as well defined as it could have been. This created a serious hurdle and a much larger scope than we anticipated resulting in a much longer project release cycle. Upon clarifying the scope and terminology used we were faced with unforeseen challenges requiring us to rethink the classification system the Threat Classification was using in order to maintain a static, scalable foundation in which we can build upon.

 

This involved many vigorous months of discussing how to best represent these threats while factoring in that different consumers of the TC have different requirements and opinions for how they wanted the this data to be represented. It was quickly apparent that a one size fits all system simply wasn't feasible for satisfying all of these user requirements. It was concluded that the creation of a simplified system/base view classifying these threats into indexes of attacks and weaknesses would be the best fit for a scalable, firm foundation that we could build upon. Consequent versions of the TC will introduce additional data views allowing for multiple threat representations without compromising the core foundation.  Future versions of the TC will also introduce additional attacks and weaknesses, indexes for impacts and mitigation's, and enhanced integrations with other applicable data points.

 

Comments (0)

You don't have permission to comment on this page.