CCSP Exam: Understanding the "I" in the STRIDE Threat Model

Identity

Question

What concept does the "I" represent in the STRIDE threat model?

Answers

A. B. C. D.

B.

Explanations

Perhaps the biggest concern for any user is having their personal and sensitive information disclosed by an application.

There are many aspects of an application to consider when securing and protecting this information, and it is very difficult for any application to fully ensure security from start to finish.

The obvious focus is on security within the application itself, as well as protecting and storing the data.

The STRIDE threat model is a framework used to identify and categorize different types of security threats that may be encountered during software development. It helps developers and security professionals to systematically analyze and address potential security risks in software systems.

The STRIDE model stands for the following six types of security threats:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Therefore, the "I" in the STRIDE threat model represents "Information disclosure".

Information disclosure occurs when an attacker gains access to sensitive information without authorization. This type of threat can lead to privacy violations, data breaches, and other security risks. Examples of information disclosure include eavesdropping on network traffic, stealing login credentials, or exploiting vulnerabilities in web applications to access sensitive data.

In summary, the STRIDE threat model is a useful tool for identifying and mitigating security risks in software systems, and the "I" in STRIDE stands for "Information disclosure".