Threat Modelling

What is Threat Modelling?

Threat modeling is a procedure for optimizing network, application, and Internet security by
identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or
mitigate the effects of, threats to the system. A threat is a potential or actual undesirable event
that may be malicious (such as a DoS attack) or incidental (such as the failure of a storage device).
Threat modeling is a planned activity for identifying and assessing application threats and
vulnerabilities.

Threat modeling has two distinct but related meanings in the computing world:

The first is a description of the security issues the designer cares about. This is the sense
of the question, "What is the threat model for DNSSec?"

In the second sense, threat modeling is synonymous with the development of attack
trees, which are descriptions of a set of computer security aspects. That is, when looking at a
piece of software (or any computer system), one can define a threat model by defining a set
of possible attacks to consider.

Use of Threat Model:

A threat model can help to assess the probability, the potential harm, the priority, and so on, of
attacks, and thus help to minimize or eradicate the threats. More recently, threat
modeling has become an integral part of Microsoft's SDL (Security Development
Lifecycle) process.

Threat Modeling Approach:

A high-level overview of the common steps in threat modeling from the defensive perspective:

Figure 1: Threat Modeling Steps


Define the application requirements:
Identifying the application requirements is the first step in developing a threat model for any
particular organization. Every organization has some confidential data, from salaries to Social
Security numbers. We cannot know what hackers want until we have identified the sensitive
information in our organization.
Model the application architecture:
Creating an overview of the organizational architecture is the second step. We have to be clear
about the purpose for which the system is designed (for example, the use cases of the system),
how to develop the architecture and design of the system (for example, an architectural model of
the system) so that it functions efficiently, and what technologies are required to implement the
design. Deep knowledge of the system's architecture helps to identify common technology-specific
threats and to implement solutions to overcome them.
Identify any threats:
In the fourth step, we have to identify threats that might affect our system and compromise its
assets. We have to examine all modules thoroughly, from all aspects, to check for vulnerabilities
or loopholes that could become a threat to the system in the future. The best way to examine the
system's application in depth is to use attack trees, which define a potential attack on your
system in a structured and hierarchical manner.
Assign risk values and determine the risk responses:
In this step we have to assess the different kinds of threats that can affect the system. Threats
differ in nature: some are more dreadful and could cause a major loss of the organization's
assets, some occur frequently, some are accidental, and some are intentional. So we have to adopt
a careful approach to identifying the risks. A common approach to risk assessment is DREAD, used
by Microsoft.
Determine the Countermeasures for Risk responses:
Determine the countermeasures to implement based on your chosen risk responses. We should
document each threat, the description of the threat, the target of the attack, the risk of the attack,
the techniques likely to be used to perform the attack, and a strategy to manage risks that might
be faced by the system.
Update the threat model:
Continually update the threat model based on the emerging security landscape. In fact, threat
modeling provides a clear "line of sight" across a project that justifies security efforts. The threat
model allows security decisions to be made rationally, with all the information on the table. The
threat modeling process naturally produces an assurance argument that can be used to explain
and defend the security of an application.
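
The steps "Identify any threats", "Assign risk values" and "Determine the Countermeasures" can be tied together in a small attack-tree model; the following is an added example, not part of the original document. The tree, the leaf names, the 1-10 rating scale and all ratings are constructed assumptions, and the DREAD value is taken as the mean of the five category ratings.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class Node:
    name: str
    kind: str = "LEAF"            # "LEAF", "AND" or "OR"
    children: list = field(default_factory=list)
    dread: tuple = ()             # leaf: Damage, Reproducibility, Exploitability,
                                  # Affected users, Discoverability (assumed 1-10 scale)
    mitigated: bool = False       # leaf: a countermeasure already covers it

def dread_score(leaf):
    """Risk value of a leaf: mean of its five DREAD ratings."""
    return sum(leaf.dread) / len(leaf.dread)

def open_scenarios(node):
    """Sets of unmitigated leaves that are together sufficient to reach node."""
    if node.kind == "LEAF":
        return [] if node.mitigated else [frozenset([node.name])]
    per_child = [open_scenarios(c) for c in node.children]
    if node.kind == "OR":         # any single child reaches the goal
        return [s for child in per_child for s in child]
    # AND: all children are required; one blocked child blocks the branch
    return [frozenset().union(*combo) for combo in product(*per_child)]

def leaves(node):
    return [node] if node.kind == "LEAF" else [l for c in node.children for l in leaves(c)]

def rank_open_leaves(root):
    """Leaves still used by an open scenario, highest DREAD score first."""
    live = set().union(*open_scenarios(root))
    scored = [(l.name, dread_score(l)) for l in leaves(root) if l.name in live]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample tree for the salary data mentioned in the first step.
ROOT = Node("Disclose salary data", "OR", [
    Node("Use HR admin account", "AND", [
        Node("Learn admin password", dread=(8, 6, 5, 8, 5)),
        Node("Pass second factor", dread=(8, 3, 3, 8, 4), mitigated=True)]),
    Node("Read unencrypted backup", dread=(9, 7, 6, 9, 4)),
    Node("Abuse reporting service", "AND", [
        Node("Reach internal network", dread=(6, 5, 5, 6, 6)),
        Node("Query report API without auth", dread=(9, 8, 7, 9, 6))]),
])

if __name__ == "__main__":
    for scenario in open_scenarios(ROOT):
        print("open:", sorted(scenario))
    for name, score in rank_open_leaves(ROOT):
        print(f"{score:4.1f}  {name}")
```

The AND branch through the HR admin account drops out because one of its required leaves is already mitigated, so the ranking lists only the leaves that still contribute to an open scenario and shows where the next countermeasure has the most effect.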
