MICROSOFT INFORMATION SECURITY

ACE SERVICES

Threat Analysis and Modeling Training

To protect your applications and build a secure system, it is imperative that you
identify and understand all of the potential threats to your applications. Threat
The Microsoft modeling is an increasingly valuable discipline, and one that should form part of
your application design phase.
Application Threat
What is Threat Analysis and Modeling?
Modeling methodology
Building on the principle that one cannot feasibly build a secure system until one
objectively and understands the threats against it, threat modeling first identifies threats, and
then helps create a strategy to prevent the attacks that can be used to realize
consistently identifies such threats.
threats at design time, The challenge, however, is that many threat modeling methodologies are not
easily adaptable, either because they require reasonable subject-matter
thereby enabling the
expertise in information security, or because they don’t provide a focus on typical
creation of a security applications in enterprise environments. Microsoft has built and refined its threat
modeling process to the point where minimal security subject-matter expertise is
strategy prior to required in order to produce a feature-rich threat model.
implementation.
Why take Threat Analysis and Modeling Training?
The training provides the knowledge of the process, its benefits and tool used for
threat modeling activity to the attendees.

The training allows you to

1. Get familiar with the Microsoft Threat Modeling Process

2. Get familiar with the Microsoft Threat Analysis and Modeling Tool that is
available freely from Microsoft.

3. Start planning on integrating threat modeling as a security activity in your

software development lifecycle.
 Return on Investment
The Microsoft
Several reasons contribute to the return on investment argument, however the
Information Security most significant of those are

ACE Services team has 1. Reduce the costly errors in your application which arise from lack formal
education on security.
over 8 years of 2. Reduce the probability of getting attacked from inside and outside the
perimeter.
experience in protecting
a. Protect your brand name
Microsoft’s own assets b. Protect your data

at Microsoft IT References
http://blogs.msdn.com/threatmodeling/
http://www.microsoft.com/downloads/details.aspx?FamilyId=59888078-9DAF-
4E96-B7D1-944703479451&displaylang=en

Additional Security Offerings

 Security Code Review
 Security Design Review
 Custom Secure Design Guidance Engagement
 Custom Server Hardening Engagement

For more information

Contact your Microsoft
Services representative or visit
www.microsoft.com/services.

© 2009 Microsoft Corporation. All rights reserved. This data sheet is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft
is either a registered trademark or trademark of the Microsoft group of companies.