Supplier eBooks

NXP - 7 Experts Discuss Managing Security Risk and Regulatory Compliance at the Edge

Issue link: https://resources.mouser.com/i/1530851


Chapter 3 | Proportionality of Risk – Introduction to Risk/Threat Analysis

knowledge. Calculating the attack complexity requires a holistic approach. Some factors that designers should consider include the ease of accessing the product, the users who have access to it, and the conditions under which the attack can happen. An attacker's availability of time, ease of access, breadth of technical knowledge, and access to financial resources and tools all play a role in attack complexity evaluations.

4. Understanding the Threat Environment

Threat analysis must also take into account the broader threat environment. The security needs of edge devices operating in controlled, physically secure environments will differ from those deployed in public or hostile environments. For instance, edge devices used in military or critical infrastructure applications are likely to face more sophisticated, targeted attacks and thus require stronger protections. Devices operating in less critical environments can often rely on less complex security measures, as they are less likely to be targeted by advanced threats.

The proportionality of security measures ensures that security resources are allocated based on the severity of the potential consequences. High-risk, high-impact devices require robust, multi-layered security, including features like:

• Hardware-based security
• Isolation of sensitive software processes
• Isolation of critical security functions
• Tamper detection
• Protections against advanced hardware attacks
• Device attestation
• Boot & runtime integrity protections
• Device recovery mechanisms
• Regular renewal of device credentials
• Encryption of data at rest
• Secure communications with various cryptographic suites

"A risk and threat analysis will identify threat actors, their motivations, and the tools they may use to cause an information breach. This exercise also reveals the necessary data flow, storage, and access controls to prevent threat actors from achieving their goals."
Asad Haque, Executive Director, Security Architecture, Comcast
