Skip to content

Commit

Permalink
Merge pull request #5 from inspired-consulting/feature/add-docs-page
Browse files Browse the repository at this point in the history 
Added docs page
  • Loading branch information
@otigges
otigges authored Feb 1, 2024
2 parents e425c35 + 04a96b4 commit 8187376
Show file tree
Hide file tree
Showing 3 changed files with 201 additions and 1 deletion.
198 changes: 198 additions & 0 deletions src/docs.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="ThreatShield - Knowledge" />
<link rel="stylesheet" href="./css/main.css" />
<title>Document - ThreatShield</title>
</head>
<body class="flex flex-col min-h-screen mt-6">

<div class="container mx-auto text-left py-12 px-4 max-w-4xl flex-grow">
<div class="flex justify-between items-center">
<h1 class="my-4 text-3xl font-bold">
ThreatShield - Knowledge and HowTo
</h1>
<a class="btn btn-primary rounded" href="/">Back</a>
</div>

<section>
<header>
<h3 class="mt-10 text-base font-semibold leading-7 text-indigo-600">Grasp Fundamentals</h3>
<h2 class="mt-2 font-bold text-xl text-primary-900">What is Threat Modelling?</h2>

</header>
<p class="mt-2">
Threat modelling is a critical process in cybersecurity, focused on identifying, assessing, and mitigating potential threats in software systems and IT environments. This proactive approach involves several key steps: identifying valuable assets (data, systems), determining threats to these assets (like unauthorized access, data breaches), and formulating strategies for mitigation. It's an ongoing practice, essential for adapting to evolving threats and changing system landscapes.
</p>
<p class="mt-5">
At its heart, threat modeling enables organizations to anticipate security vulnerabilities, thereby enhancing their defensive strategies against cyber attacks. By integrating this process into the software development lifecycle or operational maintenance, it significantly strengthens system security and resilience. This foundational understanding sets the stage for more in-depth methodologies, like the STRIDE model, discussed in subsequent chapters.
</p>
</section>
<section>
<header>
<h3 class="mt-10 text-base font-semibold leading-7 text-indigo-600">Enhance Strategy</h3>
<h2 class="mt-2 font-bold text-xl text-primary-900">The Role of Threat Modelling in Cybersecurity</h2>
</header>
<p class="mt-2">
Threat modelling is pivotal in strengthening cybersecurity defenses. It serves as a strategic approach that aligns with the broader objectives of information security. By systematically identifying potential vulnerabilities and the threats they may invite, organizations can develop a more robust and proactive security posture.
</p>
<p class="mt-5">
This process is particularly crucial in the early stages of software development and system design. It allows for the early detection and mitigation of security risks, significantly reducing the likelihood of future breaches and attacks. By integrating threat modelling into the development lifecycle, developers and security teams can collaboratively anticipate and address security issues, ensuring that protective measures are baked into the system from the outset.
</p>
<p class="mt-5">
Moreover, threat modelling is not just a one-time task but a continuous practice. As threats evolve and new vulnerabilities emerge, ongoing threat modelling helps maintain an up-to-date understanding of the security landscape, enabling organizations to adapt and respond effectively to emerging threats. This dynamic approach is key to maintaining long-term security and resilience in an ever-changing digital world.
</p>
</section>
<section>
<header>
<h3 class="mt-10 text-base font-semibold leading-7 text-indigo-600">Understand Core</h3>
<h2 class="mt-2 font-bold text-xl text-primary-900">Basic Concepts and Terminology in Threat Modelling</h2>
</header>
<p class="mt-2">
Threat modelling revolves around several key concepts and terminologies that form the basis of understanding and implementing this process effectively.
</p>
<ul role="list" class="ml-10 list-decimal space-y-3">
<li class="mt-5">
<p>
<span class="font-bold">IT-System:</span>
Refers to the combination of software, hardware, and network components that make up the technology infrastructure of an organization. This can include servers, workstations, applications, databases, and network devices.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Assets:</span>
These are the valuable components within an IT system that need protection. Assets can be tangible, like hardware devices, or intangible, such as data, intellectual property, or the reputation of the organization.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Threats:</span>
These are potential events or actions that could cause harm to the IT system or assets. Threats can vary widely, from cyber attacks like hacking and malware to physical threats like theft or natural disasters.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Risks:</span>
Risks arise from the potential of threats to exploit vulnerabilities in the IT system. They represent the potential for loss or damage when a threat interacts with a vulnerability. Risk assessment is about evaluating the likelihood and impact of these risks.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Mitigations:</span>
These are the strategies and actions taken to reduce the likelihood of a threat occurring or to minimize its impact if it does occur. Mitigation can involve technical solutions, like firewalls and encryption, as well as administrative measures like policies and training.
</p>
</li>
</ul>
<p class="mt-5">
Understanding these concepts is fundamental in effectively implementing threat modelling. They provide a framework for identifying and addressing potential security issues, thereby laying the groundwork for a comprehensive cybersecurity strategy.
</p>
</section>
<section>
<header>
<h3 class="mt-10 text-base font-semibold leading-7 text-indigo-600">Discover STRIDE Methodology</h3>
<h2 class="mt-2 font-bold text-xl text-primary-900">A Primer for Threat Analysis</h2>
</header>
<p class="mt-2">
The STRIDE model is a crucial framework in threat modeling, designed to systematically identify and categorize potential security threats. Developed by Microsoft, it serves as an acronym representing six different types of security threats:
</p>
<ul role="list" class="ml-10 list-decimal space-y-3">
<li class="mt-5">
<p>
<span class="font-bold">Spoofing Identity:</span>
This involves impersonating something or someone else to gain unauthorized access to systems or data. It's a common tactic in identity theft and phishing attacks.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Tampering with Data:</span>
This refers to unauthorized alteration of data, which can compromise its integrity. Examples include changing system settings or modifying data in transit.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Repudiation:</span>
Involves denying the performance of an action or transaction, often in the absence of adequate tracking or auditing. This can enable malicious actors to deny their activities, making it difficult to prove wrongdoing.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Information Disclosure:</span>
This is the unauthorized access or exposure of confidential information, which can lead to data breaches and loss of privacy.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Denial of Service (DoS):</span>
It aims at disrupting the availability of services, systems, or networks, often by overwhelming them with requests, thereby hindering legitimate users' access.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Elevation of Privilege:</span>
This occurs when a user or process gains higher access levels than initially intended, often exploiting system vulnerabilities to bypass security controls.
</p>
</li>
</ul>
<p class="mt-5">
Understanding the STRIDE model is vital for identifying potential security threats in IT systems and applications. It provides a structured approach to threat modeling, enabling organizations to analyze and address each type of threat effectively. As we delve deeper into threat modeling, STRIDE serves as a foundational tool for evaluating and strengthening system security.
</p>
</section>
<section>
<header>
<h3 class="mt-10 text-base font-semibold leading-7 text-indigo-600">Empower Defense</h3>
<h2 class="mt-2 font-bold text-xl text-primary-900">The Essential Role of Threat Modelling in Security Strategy
</h2>
</header>
<p class="mt-2">
Integrating threat modeling into an organization's security strategy is crucial for maintaining a proactive and dynamic defense against evolving cyber threats. This chapter highlights the key benefits and the concept of Continuous Threat Exposure Management (CTEM).
</p>
<ul role="list" class="ml-10 list-decimal space-y-3">
<li class="mt-5">
<p>
<span class="font-bold">Proactive Security Posture:</span>
Threat modeling shifts an organization from a reactive to a proactive security stance, allowing for the anticipation and pre-emption of potential threats.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Informed Risk Management:</span>
It enables more accurate identification and assessment of risks, ensuring effective allocation of security resources.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Enhanced Cross-Team Collaboration:</span>
It fosters collaboration across development, operations, and security teams, embedding security considerations throughout the system's lifecycle.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Regulatory Compliance:</span>
Threat modeling aids in meeting regulatory standards, crucial for legal and financial integrity.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Continuous Threat Exposure Management (CTEM):</span>
This approach involves regularly updating and revising threat models to reflect new threats, vulnerabilities, and changes in the organization's IT environment. CTEM ensures that security measures evolve continuously, aligning with the dynamic nature of the threat landscape.
</p>
</li>
<li class="mt-5">
<p>
<span class="font-bold">Building Stakeholder Trust:</span>
Demonstrating rigorous security practices through threat modeling strengthens trust among customers and partners.


</p>
</li>
</ul>
<p class="mt-5">
Through integrating threat modeling and CTEM, organizations can create a robust, adaptable security strategy, essential for tackling the challenges of today's cybersecurity environment.
</p>
</section>
</div>
{{> footer }}
</body>
</html>
3 changes: 2 additions & 1 deletion src/partials/footer.hbs
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
<footer class="bg-primary-800 pt-12 pb-6 w-full text-md text-center text-gray-100">
<div class="space-x-5">
<a href="/">Home</a>
<a href="/docs.html">Document</a>
<a href="/terms.html">Terms of Service</a>
<a href="/privacy.html">Privacy</a>
<a href="/imprint.html">Imprint</a>
<a href="/imprint.html">Imprint</a>
</div>
<div class="mt-4 text-xs text-gray-300">
<a href="https://inspired.consulting">&copy; 2024 Inspired Consulting GmbH</a>
Expand Down
1 change: 1 addition & 0 deletions vite.config.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ export default {
imprint: new URL("./src/imprint.html", import.meta.url).pathname,
terms: new URL("./src/terms.html", import.meta.url).pathname,
privacy: new URL("./src/privacy.html", import.meta.url).pathname,
docs: new URL("./src/docs.html", import.meta.url).pathname,
},
},
},
Expand Down

0 comments on commit 8187376

Please sign in to comment.