2023 IT Examiner School

Types of Threats & Vulnerabilities

STRIDE (Threats)  Spoofing  Tampering  Repudiation  Information Disclosure  Denial of Service  Escalation of Privilege

DREAD (Vulnerabilities)  Damage  Reproducibility  Exploitability

 Affected Users  Discoverability

What are you afraid of?

• Ransomware • Configuration errors • Spear Phishing

• Website Defacement • Social Engineering • Remote access risks • Bring Your Own Device • Third Parties • Employees “insider threats” • Regulators