Optimize Security Mitigation Effectiveness Using STRIDE


Implement the right security controls based on the value of your data and your risk exposure.


Major Business Pain Points

  • Organizations need to have an accurate view of security to function and grow without being exposed to too much risk.
  • However, the complexity of IT systems and the sophistication of threat actors make it difficult for security leaders to have the best information about how secure the organization truly is. This blueprint enables security leaders to aggregate relevant information into one place and gain an informed and insightful view of information security.

Recommendations

Key Points

  • Simply meeting regulatory compliance is not enough for security. 
  • Changes to the business are just as dangerous as malicious attackers. The business is changing every day and security measures need to evolve to keep up.
  • Your perception of security is only as good as the information you collect.
  • Being able to show the business how well you are protected is critical to having support for security and being accepted as a business partner. 

Approach

  • Have a clear picture of:
      • Identified critical data and data flows
      • Organizational threat exposure
      • Security countermeasure deployment and coverage
  • Understand which threats are appropriately mitigated and which are not

  • Generate a list of initiatives to close security gaps 

  • Create a quantified risk and security model to reassess the program and track improvement

  • Develop measurable information to present to stakeholders 

Methodology and Tools

Executive Brief

Read the concise Executive Brief to find out how a mitigation effectiveness assessment can drive a successful and insightful security program that is right-sized to the business.

  • Optimize Security Mitigation Effectiveness Using STRIDE – Executive Brief
  • Optimize Security Mitigation Effectiveness Using STRIDE – Phases 1-6

1. Setup: Data and element classification 

Establish a data and element categorization framework.

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 1: Setup – Data and Asset Classification
  • Mitigation Effectiveness Assessment Tool

2. Data and element inventory

Identify valuable data and map where it flows.

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 2: Data and Element Inventory

3. Threat severity assessment 

Appraise the organizational threat landscape. 

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 3: Threat Severity Assessment

4. Control maturity assessment 

Catalog existing security controls and the threats they mitigate. 

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 4: Control Maturity Assessment

5. Outputs and interpretation 

Interpret mitigation assessment results and identify security initiatives. 

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 5: Outputs and Interpretation

6. Implementation and maintenance 

Integrate security initiatives into an actionable roadmap. 

  • Optimize Security Mitigation Effectiveness Using STRIDE – Phase 6: Implementation and Maintenance
  • Mitigation Effectiveness and Gap Initiative Communication Deck

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.