Certified Threat Intelligence Analyst (CTIA) — Question 23

Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages:
Stage 1: Build asset-based threat profiles
Stage 2: Identify infrastructure vulnerabilities
Stage 3: Develop security strategy and plans
Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?

Answer options

Correct answer: C

Explanation

The correct answer is OCTAVE, as it focuses on identifying and managing risks through asset-based threat profiles and vulnerabilities. TRIKE, VAST, and DREAD do not specifically emphasize the same structured approach for assessing organizational risks and developing security strategies as OCTAVE does.