Threat modelling
Threat modelling is a structured approach used in cybersecurity to identify, assess, and mitigate security threats in applications, systems, or networks. It helps organisations proactively address potential security risks by analysing vulnerabilities and designing appropriate defences.
Importance
- Identifies security weaknesses early in development.
- Helps prioritise security efforts based on risk levels.
- Reduces costs associated with fixing security issues later.
- Enhances overall security posture by applying defensive measures.
Key components
- Assets – What needs protection? (e.g., data, servers, user credentials)
- Threats – What could go wrong? (e.g., data breaches, denial-of-service attacks)
- Attackers – Who might attack? (e.g., hackers, insiders, competitors)
- Vulnerabilities – Where are the weaknesses? (e.g., unpatched software, weak encryption)
- Mitigations – How can we defend against threats? (e.g., encryption, access controls)
Common Threat Modelling Methodologies
STRIDE (Microsoft) – Identifies six types of threats:
- Spoofing (impersonation)
- Tampering (unauthorised modification)
- Repudiation (denying actions)
- Information Disclosure (data leaks)
- Denial of Service (disrupting availability)
- Elevation of Privilege (gaining permissions beyond those granted)
DREAD – Helps assess risk impact using five factors:
- Damage potential
- Reproducibility
- Exploitability
- Affected users
- Discoverability
PASTA (Process for Attack Simulation and Threat Analysis) – A risk-centric approach aligning security with business objectives.
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) – Focuses on organisational risk assessment.
Kill Chain (MITRE ATT&CK Framework) – Models attacker tactics and techniques in different stages of an attack.
Threat Modelling Process
- Define Scope & Objectives – Determine what needs to be protected and why.
- Identify Assets & Dependencies – List important assets and their dependencies.
- Analyse Threats & Vulnerabilities – Identify potential attack vectors.
- Assess Risk & Prioritise Threats – Rank threats based on impact and likelihood.
- Develop & Implement Mitigations – Apply security measures to reduce risks.
- Review & Update – Continuously update threat models to address new threats.
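A worked pass through the "Analyse Threats & Vulnerabilities" and "Assess Risk & Prioritise Threats" steps, as an added example that is not part of the original page: it lists the STRIDE questions to ask for each element of a small system, scores the recorded threats with DREAD, and ranks them. The STRIDE-per-element chart, the 1 to 10 scale averaged into one rating, and the sample system, ratings and mitigations are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart (assumed convention): categories reviewed per element type.
STRIDE_BY_ELEMENT = {
    "external_entity": ("Spoofing", "Repudiation"),
    "process": ("Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege"),
    "data_store": ("Tampering", "Repudiation", "Information Disclosure", "Denial of Service"),
    "data_flow": ("Tampering", "Information Disclosure", "Denial of Service"),
}
DREAD = ("damage", "reproducibility", "exploitability", "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    asset: str
    category: str
    scores: tuple  # five ratings, 1 (low) to 10 (high), in DREAD order (assumed scale)
    mitigation: str

    def risk(self) -> float:
        if len(self.scores) != len(DREAD) or not all(1 <= s <= 10 for s in self.scores):
            raise ValueError(f"need five ratings in 1..10 for {self.asset}/{self.category}")
        return sum(self.scores) / len(DREAD)

def candidates(elements):
    """Every (asset, STRIDE category) pair the review should consider."""
    return [(name, cat) for name, kind in elements.items() for cat in STRIDE_BY_ELEMENT[kind]]

def coverage_gaps(elements, threats):
    """Candidate pairs with no recorded threat yet, i.e. analysis still to do."""
    done = {(t.asset, t.category) for t in threats}
    return [pair for pair in candidates(elements) if pair not in done]

def prioritise(threats):
    """Highest mean DREAD rating first."""
    return sorted(threats, key=Threat.risk, reverse=True)

# Constructed sample system and ratings, for illustration only.
ELEMENTS = {"user browser": "external_entity", "login API": "process",
            "credential store": "data_store", "API to store link": "data_flow"}
THREATS = [
    Threat("credential store", "Information Disclosure", (9, 6, 5, 10, 4), "encryption at rest"),
    Threat("login API", "Denial of Service", (4, 8, 6, 8, 7), "rate limiting"),
    Threat("login API", "Spoofing", (7, 9, 8, 6, 9), "multi-factor authentication"),
]

if __name__ == "__main__":
    for t in prioritise(THREATS):
        print(f"{t.risk():4.1f}  {t.category:<24} {t.asset:<18} -> {t.mitigation}")
    print(len(coverage_gaps(ELEMENTS, THREATS)), "asset/category pairs not yet analysed")
```

The gap count is the useful part in practice: it shows how much of the model is still unreviewed, which a ranked list alone hides.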
Who Should Perform Threat Modelling?
- Security teams
- Developers
- Architects
- Risk management teams
- DevOps teams