Practical Threat Analysis -a calculative Threat Modeling methodology and a Risk Assessment tool for Security Experts

<body bgcolor="white"> <h1 align="left"><font face="Verdana" size="1"> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></h1> <h1 align="center"><font face="Verdana" size="1">Practical Threat Analysis News</font></h1> <p><font face="Verdana" size="1"> <b>*</b>Note: to use Practical Threat Analysis freeware threat models or libraries you should have the <a target="main" href="DownloadResult.htm">PTA Professional Edition tool installed</a> on your computer.</font></p> <p><font face="Verdana" size="1"><b>Feb 27, 2008</b></font></p> <blockquote> <p><font face="Verdana" size="1"> PTA Technologies is happy to announce the launch of the free <a target="main" href="Qualified.htm">PTA Qualified Partner Program</a> planned for end of March 2008. </font></p> <p><font face="Verdana" size="1"> The PTA Qualified Partner Program enables security consulting companies to install PTA on several workstations in their offices as well as at their clients' sites. The program enables risk experts to showcase their business and their capabilities. Consultants and end-users alike will be able to find world-class know-how and unique PTA-based offerings from qualified partners on the PTA Qualified Partner directory.</font></p> <p><font face="Verdana" size="1">Contact <a href="mailto:sales@ptatechnologies.com?subject=PTA Qualified Partner Program">Marina Radinovsky</a> for more details on how to join the PTA Qualified Partner Program.</font></p> </blockquote> <p><font face="Verdana" size="1">        Read More: <a href="http://www.ptatechnologies.com/news.htm">http://www.ptatechnologies.com/news.htm</a><br> </font></p> <p><font face="Verdana" size="1"><b>Sep 18, 2007</b></font></p> <blockquote> <p><font face="Verdana" size="1"> The free <a target="_blank" href="Documents/PCI_DSS_1_1.zip">PTA for PCI DSS 1.1 package</a> is not just another checklist to keep the compliance policy at bay, it is a great way for any merchant to protect customer payment card data. The package contains a baseline threat model, a PTA library and all the relevant PCI standard documentation organized as PTA Professional Edition attached documents. </font></p> <p><font face="Verdana" size="1"> The threat model is intended for use in self-assessments by PCI risk assessors. The library can be used by Practical Threat Analysis professionals in order to integrate PCI DSS entities into their existing threat models and create an integrated risk model for the entire enterprise. <a target="_blank" href="Documents/PCI_DSS_1_1.zip">Download the free PCI DSS 1.1 package</a>  and learn how to self assess the risk to your business here: <a target="_blank" href="http://www.software.co.il/2011/11/the-tao-of-grc/">Using Practical Threat Analysis to attain PCI DSS 1.1 compliance.</a> </font></p> </blockquote> <p align="left"><font face="Verdana" size="1">        Read More: <a href="http://www.ptatechnologies.com/news.htm">http://www.ptatechnologies.com/news.htm</a></font></p> <p><font face="Verdana" size="1"><b>Apr 17, 2007</b></font></p> <blockquote> <p><font face="Verdana" size="1"> The <a target="_blank" href="Documents/PTA_ISO27001_Library.zip">PTA for ISO 27001 package</a> provides a systematic and extremely efficient means for performing ISO 27001 risk assessment and certification audits. The library enables a risk analyst to construct an economically-justified, cost-effective set of countermeasures that reduces risk in the customers' business environment. Any sized firm can execute a "gentle" implementation plan of controls that fits their budget instead of an all-or-nothing checklist implementation (revised: September 2007). </font></p> <p><font face="Verdana" size="1"> Read how the <a target="_blank" href="http://www.controlpolicy.com/2008/08/making-iso27001-risk-assessment-effective/">Control Policy Group</a></span>  introduces the new freeware library for performing ISO 27001 risk assessment audits, automating ISO 27001 implementations and transforming compliance knowledge and data into effective mitigation actions.</font></p> </blockquote> <p><font face="Verdana" size="1">        Read More: <a href="http://www.ptatechnologies.com/newsheaders.htm">http://www.ptatechnologies.com/newsheaders.htm</a></font></p> <blockquote> <h1 align="center"> </h1> <h1 align="center"><font face="Verdana" size="1">What is PTA?</font></h1> <h3 align="left"><font face="Verdana" size="1">Software technology and tools for performing Practical Threat Analysis</font></h3> <p><font face="Verdana" size="1">PTA (Practical Threat Analysis) is a software technology and a suite of tools that enable security consultants and organizational users to find the most beneficial and cost-effective way to secure systems and applications according to their specific functionality and environment</font><font face="Verdana"><font size="1">. </font></p> <h3 align="left"><font size="1">How does it work?</font></h3> <font size="1">The threat analysis process begins by describing the specific threats and vulnerabilities of the system. The threats are then associated with assets that might be damaged. The process continues by finding the exact set of countermeasures that will fit different threats. The risk level, potential damage and countermeasures required are all presented in real $ values. PTA automatically calculates the level of risk and the maximum available mitigation and advises on the most cost effective way to mitigate threats and reduce overall system risk. </font> <h3 align="left"><font size="1">Who should use PTA?</font></h3> <font size="1">PTA was designed to assist the work of security consultants, software analysts and information security officers. PTA is a powerful yet easy to use tool for analyzing systems threats. It speaks the practical language of business and enables analysts to clearly explain what is needed to be done in order to mitigate top threats in an optimized cost-effective way.<br> </font><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/newsheaders.htm">http://www.ptatechnologies.com/newsheaders.htm</a></font><h3 align="left"><font size="1"> When should Practical Threat Analysis be done?</font></h3> <font size="1">The best time to initiate PTA is during system design phase. Potential losses and security countermeasures may be defined at the start and prevent future problems. For systems already in operation, PTA can identify areas of corrective actions. Since assets, threats, vulnerabilities and countermeasures vary throughout a system's life cycle, threat analysis should be a continuous task. </font> <h3 align="left"><font size="1">Quickly build threat models, analyze risks and manage risk mitigation policies</font></h3> <font size="1">Using PTA, analysts can quickly build threat models, analyze risks and manage risk mitigation policies relevant to the business's domains.</font><font face="Verdana" size="1"> Inputs may be obtained from a variety of external and internal sources e.g. vulnerability scanners, real-time network analyzers, security standards checklist, security event repositories as well as from the business management resources and accountants reports. The information can be entered manually as well as automatically. </font><font size="1"><br> <br> In addition to recommending the most cost effective countermeasures, PTA presents the current level of security of the monitored system. Once used, PTA enables dynamic changes in each of the defined threats, vulnerabilities, assets and countermeasures parameters. This allows an effective and continuous security management, throughout the business routine without duplicating efforts and at minimal cost.</font><p> <span style="font-weight: 400"> <font color="#000000" face="Verdana" size="1">You are invited to have a look at the <a target="_self" href="PTAInANutshell.htm">Practical Threat Analysis in a Nutshell</a> for a more detailed description of the Practical Threat Analysis methodology or dig into the details in reading the full <a target="_self" href="PTA4.htm">Practical Threat Analysis in Depth</a> article. </font></span></p> <p align="left"><font face="Verdana" size="1">Read More: <a href="http://www.ptatechnologies.com/newsheaders.htm">http://www.ptatechnologies.com/newsheaders.htm</a></font></p></font> </blockquote> <blockquote> <p align="center"> <font face="Verdana" size="1"> ***</font></p> <p> </p> <p align="center"><font face="Verdana" size="1"><b> <a target="_self" href="PTA4.htm">Practical Threat Analysis in Depth</a></b>  -  <b><a href="CaseStudies.htm">Practical Threat Analysis Case Studies</a></b><br> <a target="_top" href="http://www.ptatechnologies.com/">Home Page</a></font></p> </blockquote> </body>