|
DREAD is part of a system for risk-assessing computer security threats previously used at Microsoft. It provides a mnemonic for risk rating security threats using five categories. The categories are: * Damage - how bad would an attack be? * Reproducibility - how easy is it to reproduce the attack? * Exploitability - how much work is it to launch the attack? * Affected users - how many people will be impacted? * Discoverability - how easy is it to discover the threat? The DREAD name comes from the initials of the five categories listed. It was initially proposed for threat modeling, but it was discovered that the ratings are not very consistent and are subject to debate. It was out of use at Microsoft by 2008. 〔(''Do you use DREAD as it is?'' )〕 When a given threat is assessed using DREAD, each category is given a rating. For example, 3 for high, 2 for medium, 1 for low and 0 for none. The sum of all ratings for a given exploit can be used to prioritize among different exploits. == See Also == * STRIDE - another mnemonic for security threats * Cyber security and countermeasure 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「DREAD (risk assessment model)」の詳細全文を読む スポンサード リンク
|