Threat Modelling
The first is a description of the security issues the designer cares about. This is the sense
of the question, "What is the threat model for DNSSec?"
In the second sense, threat modeling is synonymous with the development of attack
trees, which are descriptions of a set of computer security aspects. That is, when looking at a
piece of software (or any computer system), one can define a threat model by defining a set
of possible attacks to consider.
In this step we assess the different kinds of threats that can affect the system. Threats differ
in nature: some are more dreadful and could cause major loss of the organization's assets,
some occur frequently, some are accidental, and some are intentional. We therefore have to
adopt a careful approach to identifying the risks. A common approach for risk assessment is
DREAD, used by Microsoft.
Determine the Countermeasures for Risk Responses:
Determine the countermeasures to implement based on your chosen risk responses. We should
document each threat, the description of the threat, the target of the attack, the risk of the attack,
the techniques likely to be used to perform the attack, and a strategy to manage risks that might
be faced by the system.
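The assessment and documentation steps above can be kept together as a small threat register. The following is an added example, not part of the original text: it records the fields listed above, scores each threat on the five DREAD categories (Damage, Reproducibility, Exploitability, Affected users, Discoverability) and ranks the results. The 1 to 10 scale, the rating cut-offs, all names in the code and the sample threats are assumptions made for illustration.

```python
from dataclasses import dataclass

# The five DREAD categories, each scored 1 (low) to 10 (high) in this sketch.
DREAD = ("damage", "reproducibility", "exploitability",
         "affected_users", "discoverability")

@dataclass
class Threat:
    # Fields mirror the items the text says to document for each threat.
    name: str
    description: str
    target: str
    techniques: list
    scores: dict        # DREAD category -> int 1..10
    strategy: str = ""  # chosen risk response; empty means not yet decided

    def risk(self) -> float:
        """Mean DREAD score; refuses incomplete or out-of-range scoring."""
        if set(self.scores) != set(DREAD):
            raise ValueError(f"{self.name}: need exactly the five DREAD scores")
        for cat, val in self.scores.items():
            if not isinstance(val, int) or not 1 <= val <= 10:
                raise ValueError(f"{self.name}: {cat}={val!r} is outside 1..10")
        return sum(self.scores.values()) / len(DREAD)

def rating(score: float) -> str:
    # Band cut-offs are an assumption; tune them to your own risk appetite.
    return "high" if score >= 7 else "medium" if score >= 4 else "low"

def triage(threats):
    """Rows of (name, risk, rating, strategy_missing), highest risk first."""
    rows = [(t.name, t.risk(), rating(t.risk()), not t.strategy.strip())
            for t in threats]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def dread(*values):  # helper: positional scores in DREAD order
    return dict(zip(DREAD, values))

# Constructed sample register (not from the original text).
REGISTER = [
    Threat("Audit log tampering", "Log entries altered after the fact",
           "application audit log", ["write access via privileged account"],
           dread(7, 5, 4, 6, 3), "Forward logs to an append-only remote store"),
    Threat("Password guessing", "Repeated login attempts against accounts",
           "login endpoint", ["automated guessing"], dread(8, 9, 7, 8, 8)),
    Threat("Accidental config deletion", "Operator removes live configuration",
           "deployment config", ["operator error"], dread(5, 2, 2, 4, 2),
           "Versioned backups and change review"),
]
```

Calling `triage(REGISTER)` puts the highest-risk threat first and sets the last field to `True` for any entry that still lacks a documented strategy.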
Update the threat model:
Continually update the threat model based on the emerging security landscape. In fact, threat
modeling provides a clear "line of sight" across a project that justifies security efforts. The threat
model allows security decisions to be made rationally, with all the information on the table. The
threat modeling process naturally produces an assurance argument that can be used to explain
and defend the security of an application.