Practical Threat Analysis - a calculative Threat Modeling methodology and a Risk Assessment tool for Security Experts

<body bgcolor="white"> <h1 align="left"><font face="Verdana" size="1"> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></h1> <h1 align="center"><font face="Verdana" size="1">PTA Security Libraries</font></h1> <p align="left"><font face="Verdana" size="1">The PTA plug-in libraries architecture enable preparation of security entities checklists that comply with information security standards such as ISO 17799 - BS 7799, ISO 27001/2, NERC/FERC, PCI DSS and many other security compliance standards. Security consultants and experts as well as security service providers can build up libraries with relevant subsets of vulnerabilities, threats, countermeasures and assets that best suit their security management conventions.</font></p> <h3 align="left"><font face="Verdana" size="1">Predefined security entities and checklists</font></h3> <blockquote> <p align="left"><font face="Verdana" size="1"><b>Domain-specific libraries </b>contain predefined security entities such as assets, vulnerabilities, threats and countermeasures which are relevant to specific domain e.g. the MS Telecom Entity Library is a sample PTA library (thl file) that contains basic assets, vulnerabilities, threats and countermeasures relevant to telecom/billing/call accounting Web based solutions developed using Microsoft .Net platform. (The library is available for free download at the <a target="content" href="Documents.htm">Practical Threat Analysis Documents</a> page). </font></p> </blockquote> <h3 align="left"><font face="Verdana" size="1">Support customized security audit methodologies</font></h3> <blockquote> <p align="left"><font face="Verdana" size="1"> Entity libraries can be <b>customized and reused</b> across projects. Customized libraries save the burden of re-entering common entities when building application-specific threat models.</font></p> <p align="left"><font face="Verdana" size="1">Predefined entity libraries, specific to different platforms, environments, application types and architectures can be easily prepared - for example libraries for Web applications, Linux/Microsoft, SQL/Oracle, banking, telecom and healthcare. </font></p> </blockquote> <h3 align="left"><font face="Verdana" size="1">Compliance with software security standards such as ISO 27001:2005 and PCI DSS 1.1</font></h3> <blockquote> <p align="left"><font face="Verdana" size="1">PTA libraries enable preparation of <b>security compliance checklists</b> that comply with information security standards such as ISO 17799 - BS 7799 , ISO 27001/27002 and PCI DSS 1.1 and others. Analyst and consultants can build up relevant subsets of vulnerabilities, threats, countermeasures and assets that best suit their organization's conventions and audit methodology. You are invited to visit the PTA Documents page for a list of the <a target="content" href="Documents.htm">PTA freeware compliance libraries</a>. </font></p> <p align="left"><font face="Verdana" size="1">The concept of PTA security entities and threat model libraries is the best solution for transforming compliance knowledge and data into effective mitigation actions. Visit the <a target="content" href="Comments.htm">PTA Professional Forum</a> and read more on how to convert standard security compliance methodologies to PTA threat models and use them as a dynamic baseline for employing modern risk management system based on quantitative risk analysis. </font></p> </blockquote> <h3 align="left"><font face="Verdana" size="1">Customized libraries for integration with security services and solutions providers </font> </h3> <blockquote> <p align="left"><font face="Verdana" size="1">Security <b>analysts </b> and <b>solutions providers</b> can build relevant subsets of vulnerabilities, threats, countermeasures and assets that best suit their customers and products. Read more on <a target="content" href="PTAforOEM.htm">Integrating PTA with Security Products and Services</a>. The following security entity libraries are now assembled and can be provided as part of our <a target="content" href="Qualified.htm">PTA Qualified Partner Program</a> initiative:</font></p> </blockquote> <p><font face="Verdana" size="1"><font face="Verdana">Read More: </font> <a href="http://www.ptatechnologies.com/libraries.htm"> http://www.ptatechnologies.com/libraries.htm</a></font></p> <p><font face="Verdana" size="1">For getting more information on the updated status of knowledge, expertise and professional experience of the PTA Qualified Partner members you are invited to visit the <a target="content" href="Qualified.htm">Practical Threat Analysis Qualified Partners Directory</a> or directly contact <a href="mailto:zeev@ptatechnolgies.com?subject=request for technical information"> Zeev Solomonik</a>. </font></p> <h3 align="left"><font face="Verdana" size="1">Leverage your expertise</font></h3> <blockquote> <p align="left"><font face="Verdana" size="1">Most of the <a target="content" href="FreeProgram.htm">Practical Threat Analysis Free Program</a> members, being security veterans, prefer to create their own proprietary checklists that reflect their expertise and serve as hallmarks of <b>competitive advantage</b> to their clients. This is in accordance with our guiding principle in developing PTA - we wish to provide consultants with a tool that can be tailored to their personal style and preferences and with which the fruits of their skill, knowledge and ingenuity in analyzing and securing systems will be best presented to the client. </font></p> </blockquote> <h3 align="left"><font face="Verdana" size="1">Share your knowledge</font></h3> <blockquote> <p align="left"><font face="Verdana" size="1"> We encourage members of the <a target="content" href="FreeProgram.htm">Practical Threat Analysis Free Program</a> to publish the plug-in libraries they create and present their professional experience to people in the field as well as potential clients. Indeed, the goal of the free program initiative is to enhance the source base of security knowledge and risk assessment expertise which is packed in PTA libraries and <b>make it available </b>to the wide community of Information Security professionals and security analysts world-wide. </font></p> <p align="left"><font face="Verdana" size="1"> Professionals and independent researches that are members of the PTA Free Program and wish to expose their PTA based expertise and advance their opportunities in findings jobs and projects, are invited to take part in this initiative, make their threat models available to other professionals and share their <a target="content" href="Comments.htm">Practical Threat Analysis Experience</a> with the security community. For more information contact <a href="mailto:Support@ptatechnologies.com?subject=I want to share my PTA experience">Menachem Lidor</a>.</font></p> </blockquote> <p align="left"><font face="Verdana" size="1"><font face="Verdana">Read More: </font><a href="http://www.ptatechnologies.com/libraries.htm">http://www.ptatechnologies.com/libraries.htm</a></font></p> <blockquote> <p align="center"><font face="Verdana" size="1">  ***</font></p> <p align="center"> </p> </blockquote> <p align="center"><font face="Verdana" size="1"><b> <a target="content" href="CaseStudies.htm">Practical Threat Analysis Case Studies</a></b><br> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></p> </body>