What is Threat Modeling
Threat Modeling is a structured process to indentify & enumerate potential threats.
It follows shift left towards mindset
It allows organisation to predict future potential security threats .
Helps in Blue Teaming and Defenders
Analysis of what security controls are required based on the current information systems and the threa landscape
Attack paths, Attack methodology, Motive , Target system .
Requirements
Collabration b/w
Security Architects
Security Operations Team (SOC)
N/W Defenders (NOC)
Threat Intelligence (TI) Team to understand each other's roles, responsibilites, purpose , challenges and Busieness Usecase
Why do we need it?
Threat Modeling helps organisation or Security threat intelligence team to
identify
classify
prioritize threats to ensure proactive approach of defensive security
Steps
Identify the Assets
Outline Architecture
Break Down the Application
Identify Threats
Classify & Strucure Threats
Rate Severity of Threats
STRIDE
PASTA
TRIKE
VAST
DREAD
OCTAVE
Microsoft Threat Modeling Tool
Threat Modeler
securiCAD Professional
IrisuRisk
SD Elements
Tutamen
OWASP Threat Dragon
Last updated