Exam CISSP topic 1 question 148 discussion

Threat Modeling approaches on below is the foundation of secure design 1) Focus on assets 2) Focus on attackers 3) Focus on software/ application

C. design is the keywoard

Risk modeling includes threat modeling and vulnerability modeling. This question evaluates security design principles and does not yet involve specific software and network architecture. There is no need to evaluate vulnerability, so only threat modeling is needed. Unfortunately, I initially saw that software and network architecture chose risk modeling, but now I have compiled the interpretation according to the correct answer🤷‍♀️

The technique that evaluates the secure design principles of network or software architectures is C (Threat modeling). Threat modeling is a process used to identify potential threats and vulnerabilities in software, network, or system architectures. It involves identifying potential attackers, their capabilities, and the types of attacks they may carry out. Threat modeling considers the system's design and implementation to identify weaknesses and potential vulnerabilities before they can be exploited. Risk modeling (A) is a broader process that includes identifying potential risks to an organization, assessing their likelihood and impact, and developing strategies to mitigate or manage those risks.

The technique that evaluates the secure design principles of network or software architectures is threat modeling. Threat modeling is a structured approach used to identify, assess, and mitigate potential threats and vulnerabilities in a system or application. It involves analyzing the system's components, data flows, and potential attack vectors to identify potential threats and their potential impact. By evaluating the secure design principles of network or software architectures, organizations can identify and address security weaknesses early in the development lifecycle. Therefore, the correct answer is C. Threat modeling.