This video provides an introduction to the theory behind threat modelling and analysis using the STRIDE categorization scheme. It provides a way to identify threats to software you are developing yourself as well as off-the-shelf software products.
This is one of the things you need to know if you are planning to gain CISSP cybersecurity certification.
The video covers the theory of creating a data flow diagram and how the analysis is then applied. I plan to follow up with another video showing a practical example of applying STRIDE analysis to an open source software project.
The 6 threat categories in STRIDE are:
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service (DoS)
Elevation of Privilege
For more details see: http://www.penguinfortress.com/security/threatmodel-stride
Chapters:
00:00 Threat modelling / analysis
00:15 Why threat modelling
01:15 Threat modelling and software lifecycle
02:05 Identifying threats
02:50 STRIDE mnemonic
06:21 Data Flow Diagram
06:42 Microsoft Threat Analysis tool
07:08 Summary
Security Threat Modelling / Analysis - using STRIDE - useful for CISSP certification #cybersecurity