Tuesday, June 16, 2009

IT Infrastructure Threat Modeling Guide.

Russ Mcree (now at Microsoft) has just released the official 1.0 version of the IT Infrastructure Threat Modeling Guide.

I contributed a teeny tiny little bit of reviewage to this when it was in beta, and I have to say, it looked real good. A nice first jab at the problem of looking at whole of your infrastructure risk-wise. At the time, I was already using a similar model at work, but I'm definitely going to be adding this model to the mix.

It's worth a read.

PS: Russ is a great guy and totally open to feedback. If you've got something intelligent and useful to say about the model, please do speak up.

1 comment:

Russ McRee said...

"I contributed a teeny tiny little bit of reviewage to this when it was in beta"
Enough so to warrant your acknowledgment as a Reviewer, your name's in the released document. ;-)
Thanks for the feedback!