
Practical Threat Analysis News

*Note: to use Practical Threat Analysis freeware threat models or libraries you should have the PTA Professional Edition tool installed on your computer.

Feb 27, 2008

PTA Technologies is happy to announce the launch of the free PTA Qualified Partner Program planned for end of March 2008.

The PTA Qualified Partner Program enables security consulting companies to install PTA on several workstations in their offices as well as at their clients' sites. The program enables risk experts to showcase their business and their capabilities. Consultants and end-users alike will be able to find world-class know-how and unique PTA-based offerings from qualified partners on the PTA Qualified Partner directory.

Contact Marina Radinovsky for more details on how to join the PTA Qualified Partner Program.
 

Sep 18, 2007

The free PTA for PCI DSS 1.1 package is not just another checklist to keep the compliance policy at bay; it is a great way for any merchant to protect customer payment card data. The package contains a baseline threat model, a PTA library and all the relevant PCI standard documentation organized as PTA Professional Edition attached documents.

The threat model is intended for use in self-assessments by PCI risk assessors. The library can be used by Practical Threat Analysis professionals to integrate PCI DSS entities into their existing threat models and create an integrated risk model for the entire enterprise. Download the free PCI DSS 1.1 package and learn how to self-assess the risk to your business here: Using Practical Threat Analysis to attain PCI DSS 1.1 compliance.

 

Apr 17, 2007

The PTA for ISO 27001 package provides a systematic and extremely efficient means for performing ISO 27001 risk assessment and certification audits. The library enables a risk analyst to construct an economically justified, cost-effective set of countermeasures that reduces risk in the customers' business environment. A firm of any size can execute a "gentle" implementation plan of controls that fits its budget instead of an all-or-nothing checklist implementation (revised: September 2007).

Read how the Control Policy Group introduces the new freeware library for performing ISO 27001 risk assessment audits, automating ISO 27001 implementations and transforming compliance knowledge and data into effective mitigation actions.

 

Dec 08, 2006

The article Enterprise Software Risk Reduction with Practical Threat Analysis introduces a risk analysis method which embeds the PTA methodology and technology for mitigation of defects in enterprise legacy systems.

Reduction of defects in enterprise legacy systems can be a highly effective approach for reducing operational risk. The new method employs standard software vulnerability classifications and quantitative evaluation of how well removing defects reduces risk. The output of the process is financial justification for an effective risk mitigation plan. The plan includes the most cost-effective countermeasures that reduce the risk level to a minimum at a given capital and variable cost.

 

Mar 13, 2006

Extrusion Prevention Seminar - learn how to defend your corporate brand from cyber threats.

Today's most devastating attacks on the corporate brand are launched from within the company, by intruders who have compromised your PCs and servers as well as trusted insiders with permissions to access your marketing plans and customer lists.

Combining Fidelis outgoing content monitoring technology with the Practical Threat Analysis threat model and calculative methods enables planning and prioritization of countermeasures using actual 'in-vivo' data acquired from the company's IT, networking and applications activities. The solution enables business management to quickly evaluate cyber and trusted-insider threats.

 

Aug 12, 2005

The PTA Free Program for Security Consultants enables security consultants to use PTA Professional Edition in their risk analysis missions and add value to their service proposition. Experts can use the software to store and maintain their clients' threat databases and to provide their customers with additional services such as security knowledge management, operational consulting and continuous optimization of countermeasures.
 

 

Jan 20, 2005

The first published article on Practical Threat Analysis for the Software Industry, on www.SecurityDocs.com, presents the PTA calculative threat modeling methodology: the terminology, definitions and the detailed steps of the analysis process. You are invited to post your comments.

Click here for an extended and updated version of the article.

 

Jan 01, 2005

PTA Technologies has initiated a free program for students, researchers and independent security consultants. The program is intended to enhance the source base of PTA expertise and Practical Threat Analysis threat models and make them available to the wide community of engineers and security analysts worldwide. As a member of the PTA Free Program you may use, free of charge, a single instance of PTA Professional Edition for your professional aims.

You may submit your request to participate in the PTA Free Program by sending us an email with the following registration details:

1) First and Last Name:
2) Address:
3) Phone:
4) Email:
5) Organization / College / University:
6) Job Title / Position / Academic Level:
7) The area of your profession:

In addition, please email us the "User Code 1" and "User Code 2" numbers as displayed in the "Registration" dialog box that opens when you start the trial version of PTA Professional Edition. (Press the "Yes" button in the dialog that asks if you would like to purchase a registration code.)

As soon as we process your registration details, we shall send you the unlock Registration Keys that enable you to extend the usage period of PTA. Read more on the PTA Free Program initiative.
 

What is PTA?

Software technology and tools for performing Practical Threat Analysis

PTA (Practical Threat Analysis) is a software technology and a suite of tools that enable security consultants and organizational users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment.

How does it work?

The threat analysis process begins by describing the specific threats and vulnerabilities of the system. The threats are then associated with assets that might be damaged. The process continues by finding the exact set of countermeasures that will fit different threats. The risk level, potential damage and countermeasures required are all presented in real $ values. PTA automatically calculates the level of risk and the maximum available mitigation and advises on the most cost-effective way to mitigate threats and reduce overall system risk.

Who should use PTA?

PTA was designed to assist the work of security consultants, software analysts and information security officers. PTA is a powerful yet easy-to-use tool for analyzing system threats. It speaks the practical language of business and enables analysts to clearly explain what needs to be done in order to mitigate top threats in an optimized, cost-effective way.

When should Practical Threat Analysis be done?

The best time to initiate PTA is during the system design phase. Potential losses and security countermeasures may be defined at the start and prevent future problems. For systems already in operation, PTA can identify areas for corrective action. Since assets, threats, vulnerabilities and countermeasures vary throughout a system's life cycle, threat analysis should be a continuous task.

What are the common problems arising during system threat analysis?

  1. Analyzing only a particular 'technology environment', for example networking, makes it difficult to thoroughly explore the threats to the business. This is especially true in complex applications with many interfaces.
  2. Infrequent analysis: in many cases a system is analyzed only once during its life cycle and the output is a heavy report that no one reads.
  3. Analysis models and reports are not dynamic; a change to a parameter in the reality that the model describes is not immediately reflected in the recommended countermeasures.
  4. There is no quantitative valuation of the severity of threats in real $ value. No one can explain in business terms what the trade-off is between threat risk and the cost of mitigation.
  5. The outcome of the analysis does not include clear recommendations on the most efficient and cost-effective countermeasures required and how to sequence their implementation.

Quickly build threat models, analyze risks and manage risk mitigation policies

Using PTA, analysts can quickly build threat models, analyze risks and manage risk mitigation policies relevant to the business's domains. Inputs may be obtained from a variety of external and internal sources, e.g. vulnerability scanners, real-time network analyzers, security standards checklists and security event repositories, as well as from business management resources and accountants' reports. The information can be entered manually as well as automatically.

In addition to recommending the most cost-effective countermeasures, PTA presents the current level of security of the monitored system. Once in use, PTA enables dynamic changes to the parameters of each of the defined threats, vulnerabilities, assets and countermeasures. This allows effective and continuous security management throughout the business routine, without duplicating efforts and at minimal cost.

You are invited to have a look at Practical Threat Analysis in a Nutshell for a more detailed description of the Practical Threat Analysis methodology, or dig into the details by reading the full Practical Threat Analysis in Depth article.

 

***

 
