Designing for Security: Threat Analysis
Module Overview
Threat analysis using STRIDE
Related Unit/Course Learning Outcomes:
O3. justify the professional responsibility to produce reliable software and systems;
O4. assess the social impacts of IT projects;
Materials
- Microsoft STRIDE training module
- Computer Security Principles and Practice, William Stallings and Lawrie Brown, Chapter 1 Overview
- Software Engineering Body of Knowledge (SWEBOK) Section 7-4
Implementation
Class Agenda
- Computer Security: Confidentiality + Integrity + Availability
- Threat Analysis: STRIDE model
- Applying STRIDE for your project
Class Activity
In this class you will review the preliminary threat analysis you performed for your software project in Deliverable 1. Groups will assess the threats using the STRIDE model. Feedback and discussion in class.
Module Assignment
This module is assessed in the take home test through case study scenarios.
Review
Lessons Learnt
Links
Lecturer
Arran Stewart 2023