1. Home
  2. Books
  3. Threat Modeling: Designing for Security

Threat Modeling: Designing for Security

The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.

Book contents:

  1. Dive in and Threat Model

  2. Strategies for Threat Modelling

  3. Finding Threats

  4. Stride

  5. Attack Trees

  6. Attack Libraries

  7. Privacy Tools

  8. Processing and Managing Threats

  9. Defensive Tactics and Technologies

  10. Trade-Offs When Addressing Threats

  11. Validating That Threats are Addressed

  12. Threat Modeling Tools

  13. Requirements Cookbook

  14. Web and Cloud Threats

  15. Accounts and Identity

  16. Human Factors and Usability

  17. Threats to Cryptosystems

  18. Bringing Threat Modeling to Your Organization

  19. Experimental Approaches

  20. Architecting for Success

Have you already read the book "Threat Modeling: Designing for Security"?

Please let others know what you think about it by publishing a book review.

Books that could interest you:

Effective Physical Security, Fifth Edition is a best-practices compendium that details the essential elements and latest developments in physical security protection. This new edition is completely updated, with new chapters carefully selected from the author's work that set the standard. This book contains important coverage of environmental design, security surveys, locks, lighting, and CCTV, the latest ISO standards for risk assessment and risk management, physical security planning, network systems infrastructure, and environmental design.
Professional Security Management: A Strategic Guide is a guide to meeting those challenges, providing the security manager with the essential skill set and knowledge base to meet the challenges faced in contemporary, international, or tech-oriented businesses. It covers the basics of strategy, risk, and technology from the perspective of the security manager, focussing only on the 'need to know'. The reader will benefit from an understanding of how risk management aligns its functional aims with the strategic goals and operations of the organisation.
Cybersecurity Essentials provides a comprehensive introduction to the field, with expert coverage of essential topics required for entry-level cybersecurity certifications. An effective defense consists of four distinct challenges: securing the infrastructure, securing devices, securing local networks, and securing the perimeter.

Courses that could interest you:

Level 4 Award in Foundations of Security and Risk Management is designed for Team Leaders and Operational managers, who want to have a better understanding of how to do their job in well-structured and professional manner, and also get a first professional qualification. As well as open courses, this programme can be run as an in-house programme for organisations that have scattered operation, and would like to develop a level of excellence in their front-line security management that is equal to any other aspect of their organisational management processes.
Introduction to Cyber Security is the fastest way to get up to speed in information security. Written and taught by battle-scarred security veterans, this entry-level course covers a broad spectrum of security topics and is liberally sprinkled with real life examples. A balanced mix of technical and managerial issues makes this course appealing to attendees who need to understand the salient facets of information security basics and the basics of risk management. Organizations often tap someone who has no information security training and say, "Congratulations, you are now a security officer." If you need to get up to speed fast, Security 301 rocks!
Certificate in Terrorism Studies is 100% online and it aims to provide knowledge that is so essential to understanding and ultimately responding to terrorism and political violence. Discover how and why terrorists plot against civilians, governments, corporations, commercial operations, transport or IT networks and get ready to make an unmistakable difference to an organisation’s security strategies.

Tip! You may be able to find a set of different books and courses in order to build up your own professional development programme. Try, it's easy.

It would be great if you could contribute to the development of this website, this could help other security professionals!

Matthieu Petrigh maintains security-courses.online as an open source resource.

Legal stuff

All trademarks, registered trademarks and contents appearing on this website are the property of their respective owners. I participate in the Amazon Associates Program, an affiliate advertising program designed to provide me with a means to earn fees by linking to their website(s). Advertise.

Community

Talk on LinkedIn & contribute to Security Courses Online. Security Rating | Speed Index | W3C Compliance

Thanks to the contributors to this project.