EU NIS2 Directive
The digital landscape is vast and continually evolving, prompting the need for comprehensive security measures. With the rise in cyber threats, the European Union (EU) … Read More
EU NIS2, DORA, CRA and AI Act
Network and Information Security Directive (NIS2) What is it: The Network and Information Security Directive (NIS2) replaces the original NIS. It aims to improve cyber security & resilience within the … Read More
Threat Modeling Framework
The Threat Modeling Framework describes activities & components needed to perform threat modeling in a structured and systematic manner, from external factors influencing a threat model to the core threats … Read More
Why Threat Modeling is Overly Complex and How We Can Simplify It
Threat modeling can often feel complex and confusing for security professionals who are new to it. Further, it can feel extra complex to developers, management, … Read More
Threat Modeling the Okta Attack
Okta’s customer support system was attacked, allowing the attackers to access Okta customer systems. This was possible because the Okta customer support system contained HAR … Read More
Threat Modeling the 23andMe Data Breach
23andMe was attacked, or specifically, its users were, which resulted in a major data breach affecting many of its users (potentially up to 4 million … Read More
DREAD Threat Modeling
What is DREAD Threat Modeling DREAD threat modeling is a quantitive assessment regarding the severity of a threat, with a scaled rating assigned to risk. … Read More
LINDDUN Threat Modeling
What is LINDDUN Threat Modeling LINDDUN is a threat modeling method focused on privacy. It was developed by privacy experts at KU Leuven (a university … Read More
Automated Threat Modeling
Automated threat modeling is the process of threat modeling and utilizing as much automation as possible, reducing the amount of manual work needed by team … Read More
Threat Modeling Versus Vulnerability Management: Understanding the Key Differences
Threat modeling and vulnerability management are both essential components of a comprehensive cybersecurity program. Both are used to identify weaknesses in applications and IT systems … Read More