Threat modeling is the process of identifying, analyzing, and mitigating potential security threats to a system or organization. It involves identifying the assets that need to be protected, analyzing the potential threats to those assets, and developing strategies to mitigate or eliminate those threats.
While both threat modeling and VAPT are important tools for ensuring the security of a system or organization, they are used for different purposes and at different stages of the development process. Threat modeling is typically done as a proactive measure, while VAPT is done as a reactive measure. Some organizations may choose to use both approaches as part of a comprehensive security program.
- https://owasp.org/www-project-threat-dragon/
- https://owasp.org/www-community/Threat_Modeling
- https://www.simplilearn.com/what-is-threat-modeling-article
- https://www.synopsys.com/glossary/what-is-threat-modeling.html
- https://www.eccouncil.org/threat-modeling/
- https://komsr3ll.medium.com/threat-modelling-attack-vectors-4f4989336588
- https://www.oreilly.com/library/view/hands-on-red-team/9781788995238/55d89c3e-e3f2-414a-872f-37620e9ab43f.xhtml
- https://www.mitre.org/sites/default/files/2021-11/prs-18-1174-ngci-cyber-threat-modeling.pdf
- https://redcanary.com/blog/threat-modeling/
- https://www.jemurai.com/2020/11/10/risk-and-threat-modeling-with-mind-maps/
- https://shellsharks.com/threat-modeling
- https://youtu.be/h_BC6QMWDbA
- https://youtu.be/GqmQg-cszw4
- https://youtu.be/fggB70PxhmA
- https://youtu.be/lnvYlg4HOX4
- https://youtu.be/GuhIefIGeuA
- https://youtu.be/CjzdC0Eerfw
The first step in threat modeling is to identify the assets that need to be protected. These assets can include data, hardware, software, and people.
The next step is to identify the potential threats to the identified assets. This can be done through a variety of methods, such as brainstorming sessions, reviewing industry reports and research, and consulting with subject matter experts.
Once potential threats have been identified, the next step is to assess the likelihood and impact of each threat. This helps prioritize the threats and determine which ones need to be addressed first.
Based on the likelihood and impact of the identified threats, develop strategies to mitigate or eliminate those threats. These strategies can include implementing technical controls, such as firewalls and intrusion detection systems, as well as non-technical controls, such as security awareness training and incident response plans.
After the threat mitigation strategies have been implemented, it is important to test and validate their effectiveness to ensure that they are effective in mitigating or eliminating the identified threats.
Threat models should be reviewed and updated on a regular basis to ensure that they remain current and relevant. This includes identifying new threats, reassessing the likelihood and impact of existing threats, and updating the threat mitigation strategies as needed.
-
Define the scope of the threat modeling study: This includes identifying the system or organization that needs to be protected and the assets that need to be considered in the threat modeling process.
-
Identify potential threats: This involves identifying potential threats to the assets identified in step 1. This can be done through a variety of methods, such as brainstorming sessions, reviewing industry reports and research, and consulting with subject matter experts.
-
Analyze the likelihood and impact of identified threats: Once potential threats have been identified, the next step is to assess the likelihood and impact of each threat. This helps prioritize the threats and determine which ones need to be addressed first.
-
Develop strategies to mitigate or eliminate identified threats: Based on the likelihood and impact of the identified threats, develop strategies to mitigate or eliminate those threats. These strategies can include implementing technical controls, such as firewalls and intrusion detection systems, as well as non-technical controls, such as security awareness training and incident response plans.
-
Test and validate the effectiveness of the threat mitigation strategies: After the threat mitigation strategies have been implemented, it is important to test and validate their effectiveness to ensure that they are effective in mitigating or eliminating the identified threats.
-
Review and update the threat model: Threat models should be reviewed and updated on a regular basis to ensure that they remain current and relevant. This includes identifying new threats, reassessing the likelihood and impact of existing threats, and updating the threat mitigation strategies as needed.
Threat modelling is a structured approach for analysing the security of an application and enables to identify, quantify, and address the security risks associated with an application. From details about threats and likely attacks against each application, the organization operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business.
- The trust boundaries to and within the application
- The actors that interact within and outside of the trust boundaries
- Information flows within and to and from the trust boundaries
- Information persistence within and out of trust boundaries
- Threats to transgression of trust boundaries by actors and for information flow and persistence
- Vulnerabilities at trust boundaries as accessed by actors and for information flow and persistence
- Threat agents that can exploit the vulnerabilities
- Impact of exploitation of vulnerability by a threat agent
- Decision tree to treat the risk