Unified Security Platform
Tooling Defenses At Different Strata
Oct 16, 2023
There are many security frameworks, and we need one that simplifies and unifies them all. Starting from organizational culture, the framework would incorporate methodologies such as STRIDE, DREAD, PASTA, or CIA to address compliance with security standards and regulations. Intelligence on the clear and present danger has to come first; then the organization drills and trains, war-games, and audits its operations and security posture. The framework has to be alive and practicable when integrated as threat modeling into the SDLC, DevOps, etc. The methodologies must also adapt and evolve with the situation.
POAD
Physical security.
Operational security.
Administrative security.
Digital security.

STRIDE (threat categories): a mnemonic framework that stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of Service, and Elevation of privilege.

[Spoofing]: {PR.AC-1, PR.AC-6, PR.AC-7, PR.PT-1}
[Tampering]: {PR.AC-2, PR.DS-1, PR.DS-2, PR.DS-6, PR.DS-8, PR.IP-3, PR.MA-1, PR.PT-1, PR.PT-2, DE.CM-2, DE.CM-4, DE.CM-5, DE.CM-7}
[Repudiation]: {PR.AC-1, PR.AC-6, PR.AC-7, PR.PT-1}
[Information disclosure]: {PR.DS-1, PR.DS-2, PR.DS-5, PR.IP-6, PR.PT-2}
[Denial of Service]: {PR.DS-4, PR.IP-4, PR.PT-5}
[Elevation of privilege]: {PR.AC-4, PR.PT-3, DE.CM-4…
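
One way to put the mapping above to work is a gap analysis: given the controls an organization already has, report coverage per STRIDE category and rank the missing controls by how many categories each one helps close. This is an added example, not code from the original article; the `IMPLEMENTED` set is constructed sample data, the function names are hypothetical, and the Elevation of privilege entry holds only the identifiers visible before the list is cut off.

```python
# Added example: STRIDE-to-control mapping copied from the list above.
# Elevation of privilege is cut off on the page, so only its visible
# identifiers are included and the category is flagged as partial.
STRIDE_CONTROLS = {
    "Spoofing": {"PR.AC-1", "PR.AC-6", "PR.AC-7", "PR.PT-1"},
    "Tampering": {"PR.AC-2", "PR.DS-1", "PR.DS-2", "PR.DS-6", "PR.DS-8",
                  "PR.IP-3", "PR.MA-1", "PR.PT-1", "PR.PT-2", "DE.CM-2",
                  "DE.CM-4", "DE.CM-5", "DE.CM-7"},
    "Repudiation": {"PR.AC-1", "PR.AC-6", "PR.AC-7", "PR.PT-1"},
    "Information disclosure": {"PR.DS-1", "PR.DS-2", "PR.DS-5",
                               "PR.IP-6", "PR.PT-2"},
    "Denial of Service": {"PR.DS-4", "PR.IP-4", "PR.PT-5"},
    "Elevation of privilege": {"PR.AC-4", "PR.PT-3", "DE.CM-4"},
}
PARTIAL = {"Elevation of privilege"}  # mapping incomplete on the page


def coverage(implemented):
    """Per threat: (fraction of mapped controls in place, sorted missing)."""
    report = {}
    for threat, controls in STRIDE_CONTROLS.items():
        missing = sorted(controls - implemented)
        report[threat] = (1 - len(missing) / len(controls), missing)
    return report


def leverage(implemented):
    """Rank missing controls by how many STRIDE categories they appear in."""
    counts = {}
    for threat, controls in STRIDE_CONTROLS.items():
        for control in controls - implemented:
            counts.setdefault(control, set()).add(threat)
    return sorted(counts.items(), key=lambda kv: (-len(kv[1]), kv[0]))


# Constructed sample: controls an organization reports as in place.
IMPLEMENTED = {"PR.AC-1", "PR.AC-6", "PR.DS-1", "PR.DS-2",
               "PR.DS-4", "PR.IP-4", "PR.PT-5"}

if __name__ == "__main__":
    for threat, (ratio, missing) in coverage(IMPLEMENTED).items():
        note = " (mapping truncated on page)" if threat in PARTIAL else ""
        print(f"{threat}: {ratio:.0%} covered, missing {missing}{note}")
    for control, threats in leverage(IMPLEMENTED)[:3]:
        print(control, "->", sorted(threats))
```

With the sample input, Spoofing and Repudiation each stand at 50% coverage, and PR.PT-1 ranks first because it is the one missing control shared by three categories.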