Threat Modeling a Retail Environment

Posted by: Michael Howard, Principal Consultant, Cybersecurity

If you have followed this blog, or followed anything Microsoft has done with the Security Development Lifecycle, you’ll know that we are proponents of the benefits of threat modeling as a way to understand the risks to and potential mitigations for a system.

The computer industry is full of systems that look somewhat alike, and have similar “moving parts”; for example, banking, health care, telecommunications and so on. In the wake of high profile attacks on organizations in the retail industry, we thought developing new guidance that helps with the unique requirements and challenges of that industry could be helpful. We decided that the best way to do this was to team up cybersecurity expertise with retail expertise. We combined the security expertise of senior consultants Tim Delong, Mark Simos and myself from the Microsoft Consulting Services Cybersecurity team, with retail industry expertise of Vic Mile and Marty Ramos from Microsoft’s Retail industry vertical team.  Read more

Read more Threat Modeling a Retail Environment

Security Education from the front lines

Read more Security Education from the front lines

Threat Modeling from the Front Lines

Read more Threat Modeling from the Front Lines

What a Journey It Has Been

Read more What a Journey It Has Been

Updated Banned API Documentation Available

Read more Updated Banned API Documentation Available

Updated SAFEcode Development Practices Paper

Read more Updated SAFEcode Development Practices Paper

Back to the Future: Attack Surface Analysis and Reduction

Read more Back to the Future: Attack Surface Analysis and Reduction

ISV adoption of mitigation technologies

Read more ISV adoption of mitigation technologies

Banned APIs and Extending the Visual Studio 2010 Editor

Read more Banned APIs and Extending the Visual Studio 2010 Editor

New Paper: Security Best Practices For Developing Windows Azure Applications

Read more New Paper: Security Best Practices For Developing Windows Azure Applications