Cyber Threat Intelligence (CTI) in a Nutshell — 2

Hackers are working to stay ahead of security programs and find new ways to break through organizations’ networks, so it is important that security experts use proactive best practices to prevent incidents.

A. Threat Modelling

Threat modeling is a procedure by which potential threats, for example, basic vulnerabilities can be distinguished, specified, and organized — all from a hypothetical attacker’s perspective. The motivation behind threat modeling is to give safeguards a precise examination of the plausible attacker’s profile, the in all likelihood attack vectors, and the assets.

Threat modeling is an iterative procedure that begins amid the early periods of the plan and proceeds all through the application lifecycle. There two reasons. Applications are usually dynamic and they need to be enhanced and adapted. So while the application is getting evolving, the threat modeling process should be repeated. The other reason is, it almost impossible to describe all cyber threats with a one-time process. Figure 4 shows the threat modeling process using a six-stage process.

Even though many threat modeling methodologies are available for implementation…