
Threat Modeling — The Short Version

:/Jenn
Dark Roast Security
4 min read · Jan 28, 2022


Threat modeling is the structured practice of identifying and prioritizing potential threats and vulnerabilities, and of prioritizing mitigations to protect assets, including confidential data and intellectual property.

Adapted from Threat Modeling Methodologies

Threat Modeling Best Practices

  1. Define the scope and depth of analysis
  2. Understand what you’re threat modeling — Create a diagram or flowchart of the major components and how all the systems are connected.
  3. Model the attack possibilities — Identify assets, security controls, and threat agents to create a security model of the system.
  4. Identify threats — Identify potential attacks.
  5. Evaluate missing or weak security controls

Methodologies

STRIDE

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service (DoS), and Elevation of Privilege. It was developed by Microsoft to help applications meet security standards based on the CIA triad principles: Confidentiality, Integrity, and Availability. STRIDE offers a six-category process to identify security threats, shown below.
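The best-practice steps above, worked through with STRIDE in Python as an added example that is not part of the original article: it models a small system, enumerates the STRIDE threats that apply to each element, and reports the ones with no recorded control. The system, its element names and its controls are constructed, and the per-element mapping is the commonly used STRIDE-per-element chart, which goes beyond what the article covers.

```python
from dataclasses import dataclass, field

# STRIDE category -> security property the threat violates
STRIDE = {
    "Spoofing": "Authentication",
    "Tampering": "Integrity",
    "Repudiation": "Non-repudiation",
    "Information Disclosure": "Confidentiality",
    "Denial of Service": "Availability",
    "Elevation of Privilege": "Authorization",
}

# Assumption (not from the article): STRIDE-per-element applicability.
# Repudiation is usually added to data stores only when they hold logs.
APPLICABLE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": list(STRIDE),
    "data_flow": ["Tampering", "Information Disclosure", "Denial of Service"],
    "data_store": ["Tampering", "Information Disclosure", "Denial of Service"],
}

@dataclass
class Element:
    name: str
    kind: str                                     # a key of APPLICABLE
    controls: dict = field(default_factory=dict)  # STRIDE category -> control in place

def enumerate_threats(elements):
    """Steps 3-4: every (element, STRIDE category) pair that applies."""
    return [(e, cat) for e in elements for cat in APPLICABLE[e.kind]]

def find_gaps(elements):
    """Step 5: applicable threats for which no control is recorded."""
    return [(e.name, cat, STRIDE[cat])
            for e, cat in enumerate_threats(elements) if not e.controls.get(cat)]

# Steps 1-2: scope and diagram, as a constructed model of a small web shop.
MODEL = [
    Element("browser user", "external_entity", {"Spoofing": "MFA login"}),
    Element("web API", "process", {
        "Spoofing": "mutual TLS", "Tampering": "input validation",
        "Denial of Service": "rate limiting", "Elevation of Privilege": "RBAC"}),
    Element("API -> DB flow", "data_flow",
            {"Tampering": "TLS", "Information Disclosure": "TLS"}),
    Element("orders DB", "data_store",
            {"Tampering": "DB ACLs", "Information Disclosure": "encryption at rest"}),
]

if __name__ == "__main__":
    for name, cat, prop in find_gaps(MODEL):
        print(f"{name:15} {cat:24} threatens {prop}: no control recorded")
```

The gap list is the input to prioritizing mitigations; an empty `controls` entry means only that nothing was recorded, so each gap still needs review against the real system.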
