Header Ads

Breaking News

Threat modeling explained: A process for anticipating cyber attacks


Threat modeling definition

Threat modeling is a structured process through which IT pros can identify potential security threats and vulnerabilities, quantify the seriousness of each, and prioritize techniques to mitigate attack and protect IT resources.

This broad definition may just sound like the job description of a cybersecurity professional, but the important thing about a threat model is that it is systematic and structured. Threat modelers walk through a series of concrete steps in order to fully understand the environment they’re trying to secure and identify vulnerabilities and potential attackers.

That said, threat modeling is still in some ways an art as much as a science, and there is no single canonical threat modeling process. The practice of threat modeling draws from various earlier security practices, most notably the idea of “attack trees” that were developed in the 1990s. In 1999, Microsoft employees Loren Kohnfelder and Praerit Garg circulated a document within the company called “The Threats to Our Products” that is considered by many to be the first definitive description of threat modeling.

Kohnfelder and Garg called their proposal “the STRIDE framework,” and we’ll look at the details of it later in this article. But it’s important to know that there are a wide variety of threat modeling frameworks and methodologies out there. Some models have different emphases, while others are specific to certain IT disciplines — some are focused specifically on application security, for instance. In this article, we’ll help you understand what all these methodologies have in common, and which specific techniques may be right for you.

Threat modeling process and steps

Each individual threat modeling methodology consists of a somewhat different series of steps, and we’ll discuss the nuances of each later in this article. But to start, we’ll look at the basic logical flow that all these methods have in common.  One of the most succinct and straightforward outlines of the threat modeling process comes from software engineer Goran Aviani. As he puts it, the purpose of a threat model is to answer four questions:

  1. What are we working on?
  2. What can go wrong?
  3. What are we doing to do about it?
  4. Did we do a good job?

The threat modeling process should, in turn, involve four broad steps, each of which will produce an answer to one of those questions.

Copyright © 2020 IDG Communications, Inc.

Source Link

No comments