An approach to Threat Modeling (Part II)

Sagar Chhatrala
Jan 1, 2022


This is the second post of a series on Threat Modeling. It describes how to approach Threat Modeling.

The series consists of the following posts:

1. The basics of Threat Modeling

2. An approach to Threat Modeling

3. Threat Modeling with STRIDE Method

Note that this post outlines the asset-oriented Threat Modeling process. There are other approaches you can take, such as software-oriented Threat Modeling and attacker-focused Threat Modeling.

Asset-oriented Threat Modeling is one of the easiest approaches, based on threat enumeration of identified assets. This approach is summarised in four phases:

1. Asset Identification: Identify all the assets, such as data stores, internal or external entities, network components and associated systems. Classify them based on importance or sensitivity. For example, classify the stored data based on sensitivity, such as top secret, secret, confidential or public data. Identify the flows between the assets and record metadata such as data classification, protocols and sensitivity.

2. Threat Enumeration: This step is often conducted in a brainstorming session where software developers, architects and stakeholders participate.

Identify how the CIA (Confidentiality, Integrity and Availability) of the assets may be impacted, based on the metadata collected in the asset identification phase. This makes up your attack surface exposed to the internet, together with the potentially identified threats. You’ll also need to collect all relevant information about known exploits and vulnerabilities associated with each component.

At the end of this phase you will have information about vulnerable components, attack vectors, public exploits and other potential threats associated with the system you are Threat Modeling.

3. Prioritisation: This phase rates the potentially identified threats based on the result of enumeration. The goal here is not to stop all attacks; rather, it’s to protect against the high-impact attacks.

Prioritise risk based on the impact and severity of each threat. You will need to associate vulnerabilities in the assets with the potentially identified threats to determine how likely each vulnerability is to be exploited.

At the end of this phase you will have a list of threats, each with an associated priority.

4. Mitigation: This phase aims to provide actionable steps that help to avoid the threats that have been identified. It is important that actionable items are implemented as new features. By implementing a mitigation strategy as the foundation of your development process, you can protect against potential security breaches and avoid redevelopment of the product.
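The four phases above, sketched as an added Python example (not code from the original post). The record fields, impact weights, likelihood values, cleartext-protocol list and threshold are assumptions chosen for illustration, and the sample system is constructed.

```python
from dataclasses import dataclass

IMPACT = {"public": 1, "confidential": 2, "secret": 3, "top secret": 4}  # levels from the post; weights assumed
CLEARTEXT = {"http", "ftp", "telnet"}  # assumed set of unencrypted protocols

@dataclass(frozen=True)
class Asset:  # phase 1: an identified asset and its classification
    name: str
    kind: str
    classification: str
    internet_facing: bool = False

@dataclass(frozen=True)
class Flow:  # phase 1: a flow between two assets plus its metadata
    src: str
    dst: str
    protocol: str
    classification: str

def enumerate_threats(assets, flows):
    """Phase 2: derive CIA threats from the metadata recorded in phase 1."""
    by_name = {a.name: a for a in assets}
    found = []  # (target, CIA property, description, classification, likelihood)
    for a in assets:
        likelihood = 3 if a.internet_facing else 1  # assumed: exposure raises likelihood
        if a.kind == "data store":
            found.append((a.name, "Confidentiality", "unauthorised read of stored data", a.classification, likelihood))
        if a.internet_facing:
            found.append((a.name, "Availability", "exposed service can be overloaded", a.classification, likelihood))
    for f in flows:
        exposed = by_name[f.src].internet_facing or by_name[f.dst].internet_facing
        if f.protocol in CLEARTEXT:
            for prop, desc in (("Confidentiality", "data readable in transit"), ("Integrity", "data modifiable in transit")):
                found.append((f"{f.src}->{f.dst}", prop, desc, f.classification, 3 if exposed else 1))
    return found

def prioritise(threats):
    """Phase 3: score = impact x likelihood, highest score first."""
    scored = [(IMPACT[c] * lk, target, prop, desc) for target, prop, desc, c, lk in threats]
    return sorted(scored, key=lambda t: (-t[0], t[1], t[2]))

def backlog(ranked, threshold=6):  # phase 4: only high scores become work items (threshold assumed)
    return [f"[{s}] {t}: mitigate {p.lower()} threat ({d})" for s, t, p, d in ranked if s >= threshold]

# Constructed sample system (not from the post).
ASSETS = [Asset("browser", "external entity", "public"), Asset("web-app", "system", "confidential", True),
          Asset("customer-db", "data store", "secret")]
FLOWS = [Flow("browser", "web-app", "http", "confidential"),
         Flow("web-app", "customer-db", "tls", "secret")]
```

Calling `backlog(prioritise(enumerate_threats(ASSETS, FLOWS)))` returns the work items for the sample system, highest score first.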

Thank you for reading this post! Stay tuned for the following posts of this series. If you have any feedback, feel free to contact me on Twitter: sschhatra
