Practical Threat Analysis News
*Note: to use Practical Threat Analysis freeware threat models or libraries you should have
the Professional Edition tool installed on your computer.
Feb 27, 2008
PTA Technologies is happy to announce the launch of
the PTA Qualified Partner Program, planned for the end of March 2008.
The PTA Qualified Partner Program enables security consulting companies to
install PTA on several workstations in their offices as well as at their
clients' sites. The program enables risk
experts to showcase their business and their capabilities. Consultants and
end-users alike will be able to find world-class know-how and unique
PTA-based offerings from qualified partners on the PTA Qualified Partner
Radinovsky for more details on how to join the PTA Qualified Partner Program.
Sep 18, 2007
The free PTA for PCI DSS
1.1 package is not just another checklist to keep the compliance
policy at bay; it is a great way for any merchant to protect customer
payment card data. The package contains a baseline threat model, a PTA
library and all the relevant PCI standard documentation organized as PTA
The threat model is intended for use in self-assessments by PCI risk
assessors. The library can be used by Practical Threat Analysis professionals in order to
integrate PCI DSS entities into their existing threat models and create an
integrated risk model for the entire enterprise.
Download the free PCI DSS
1.1 package and learn how to self-assess the risk to your business here:
Using Practical Threat Analysis to attain PCI DSS 1.1 compliance.
Apr 17, 2007
The PTA for ISO 27001
package provides a systematic and extremely efficient means
for performing ISO 27001 risk assessment and certification audits. The
library enables a risk analyst to construct an economically-justified,
cost-effective set of countermeasures that reduces risk in the customers'
business environment. A firm of any size can execute a "gentle" implementation
plan of controls that fits their budget instead of an all-or-nothing
checklist implementation (revised: September 2007).
Read how the
Control Policy Group introduces
the new freeware library for performing ISO 27001 risk assessment audits,
automating ISO 27001 implementations and transforming compliance knowledge
and data into effective mitigation actions.
What is PTA?
Software technology and
tools for performing Practical Threat Analysis
PTA (Practical Threat Analysis) is a
software technology and a suite of tools that enable security
consultants and organizational users to find the most beneficial and
cost-effective way to secure systems and applications according to their
specific functionality and environment.
How does it work?
The threat analysis process begins by describing the
specific threats and vulnerabilities of the system. The threats are then
associated with assets that might be damaged. The process continues by
finding the exact set of countermeasures that will fit different threats.
The risk level, potential damage and countermeasures required are all
presented in real $ values. PTA automatically calculates the level of risk
and the maximum available mitigation, and advises on the most cost-effective
way to mitigate threats and reduce overall system risk.
Who should use PTA?
PTA was designed to assist the work of security
consultants, software analysts and information security officers. PTA is a
powerful yet easy-to-use tool for analyzing system threats. It speaks the
practical language of business and enables analysts to clearly explain what
needs to be done in order to mitigate top threats in an optimized
When should Practical Threat Analysis be done?
The best time to initiate PTA is during the system design
phase. Potential losses and security countermeasures may be defined at the
start and prevent future problems. For systems already in operation, PTA can
identify areas of corrective actions. Since assets, threats, vulnerabilities
and countermeasures vary throughout a system's life cycle, threat analysis
should be a continuous task.
Quickly build threat models, analyze
risks and manage risk mitigation policies
Using PTA, analysts can quickly build threat models,
analyze risks and manage risk mitigation policies relevant to the business's
Inputs may be obtained from a variety of external and internal sources,
e.g. vulnerability scanners, real-time network analyzers, security standards
checklists and security event repositories, as well as from business
management resources and accountants' reports. The information can be entered
manually as well as automatically.
In addition to recommending the most cost-effective countermeasures, PTA
presents the current level of security of the monitored system. Once used,
PTA enables dynamic changes in each of the defined threat, vulnerability,
asset and countermeasure parameters. This allows effective and
continuous security management throughout the business routine, without
duplicating efforts and at minimal cost.
You are invited to have a
look at the
Practical Threat Analysis in a
for a more detailed description of the Practical Threat Analysis
methodology, or dig into the details by reading the full
Practical Threat Analysis in Depth