YoVDO

Threat Modeling: Information Disclosure in Depth

Offered By: LinkedIn Learning

Tags

Threat Intelligence Courses Cryptography Courses Cloud Security Courses Threat Modeling Courses Secrets Management Courses

Course Description

Overview

Learn about the information disclosure pillar in the STRIDE threat modeling framework. Discover how to preserve the confidentiality of the data, secrets, and other information you store.

Syllabus

Introduction
  • Allow me to disclose something
  • Four-question framework
  • Information disclosure as a part of STRIDE
1. Data at Rest
  • Authorized access
  • Physical layer
  • Metadata
2. Data in Motion
  • Encrypted and unencrypted
  • Metadata in motion
  • Non-internet data
3. Information Disclosure by Processes
  • Intentional disclosure
  • Metadata and security
4. Side Effects
  • Radios: Intentional and accidental
  • Timing
  • Interpretation
5. Disclosure in Certain Technologies
  • Cloud
  • IoT and mobile
  • AI and machine learning
6. Defenses
  • Metadata management
  • Secrets and secrets management
  • Cryptography
Conclusion
  • Next steps

Taught by

Adam Shostack

Related Courses

Academia de auditoría en la nube: independencia en la nube (Español LATAM) | Cloud Audit Academy - Cloud Agnostic (Spanish from Latin America)
Amazon Web Services via AWS Skill Builder Accelerating GKE Incident Response with Prisma Cloud and Cortex XSOAR
Google via Google Cloud Skills Boost Amazon Detective Deep Dive
A Cloud Guru AWS Certified Cloud Practitioner (CLF-C01)
A Cloud Guru AWS Certified Security - Specialty 2020
A Cloud Guru