When you perform threat modeling for your organization, you document potential threats and prioritize those threats (often by putting yourself in an attacker’s mindset). There are four well-known methods. STRIDE, introduced at Microsoft in 1999, focuses on spoofing of user identity, tampering, repudiation, information disclosure, denial of service and elevation of privilege. PASTA (process for attack simulation and threat analysis) provides dynamic threat identification, enumeration and scoring. Trike uses threat models based on a requirements model. VAST (visual, agile and simple threat modeling) applies across IT infrastructure and software development without requiring security experts.
Threat Modeling Methodologies.
Part of the job of the security team is to identify threats. You can identify threats using different methods:
A Focus on Attackers.
This is a useful method in specific situations. For example, suppose that a developer’s employment is terminated. After extracting data from the developer’s computer, you determine that the person was disgruntled and angry at the management team. You now know this person is a threat and can focus on what he or she might want to achieve. However, outside of specific situations like this, organizations are usually not familiar with their attackers.
A Focus on Assets.
Your organization’s most valuable assets are likely to be targeted by attackers. For example, if you have a large number of databases, the database with the HR and employee information might be the most sought after.
Focus on Software.
Many organizations develop applications in house, either for their own use or for customer use. You can look at your software as part of your threat identification efforts. The goal isn’t to identify every possible attack, but instead to focus on the big picture, such as whether the applications are susceptible to DoS or information disclosure attacks.
The Concepts (Threat Modeling).
If you understand the threats to your organization, then you are ready to document the potential attack vectors. You can use diagramming to list the various technologies under threat. For example, suppose you have a SharePoint server that stores confidential information and is therefore a potential target. You can diagram the environment integrating with SharePoint. You might list the edge firewalls, the reverse proxy in the perimeter network, the SharePoint servers in the farm and the database servers. Separately, you might have a diagram showing SharePoint’s integration with Active Directory and other applications. You can use these diagrams to identify attack vectors against the various technologies.
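The diagramming step above can also be captured as data, so that attack-vector candidates are listed systematically. The following is an added example, not part of the original article: it models the SharePoint environment from the text and applies the commonly used STRIDE-per-element chart. The trust-zone names, the element kinds assigned to each component, and the flows between them are assumptions made for illustration.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories usually considered for each kind of
# diagram element (data stores get R only when they hold logs).
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE",
                  "datastore": "TID", "flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | datastore (assigned here as an assumption)
    zone: str   # trust zone; zone names are assumptions

# Constructed model of the SharePoint environment described in the text.
ELEMENTS = {e.name: e for e in [
    Element("Internet user", "external", "internet"),
    Element("Edge firewall", "process", "perimeter"),
    Element("Reverse proxy", "process", "perimeter"),
    Element("SharePoint farm", "process", "internal"),
    Element("Database servers", "datastore", "internal"),
    Element("Active Directory", "process", "internal"),
]}
FLOWS = [("Internet user", "Edge firewall"), ("Edge firewall", "Reverse proxy"),
         ("Reverse proxy", "SharePoint farm"), ("SharePoint farm", "Database servers"),
         ("SharePoint farm", "Active Directory")]

def boundary_crossings(flows=FLOWS, elements=ELEMENTS):
    """Flows whose endpoints sit in different trust zones."""
    return [(s, d) for s, d in flows if elements[s].zone != elements[d].zone]

def enumerate_threats(flows=FLOWS, elements=ELEMENTS):
    """Return (target, category, crosses_boundary) rows, boundary items first."""
    rows = [(e.name, NAMES[c], False) for e in elements.values()
            for c in STRIDE_BY_KIND[e.kind]]
    crossing = set(boundary_crossings(flows, elements))
    rows += [(f"{s} -> {d}", NAMES[c], (s, d) in crossing)
             for s, d in flows for c in STRIDE_BY_KIND["flow"]]
    return sorted(rows, key=lambda r: not r[2])

if __name__ == "__main__":
    for target, category, crossing in enumerate_threats():
        print(f"{'[boundary] ' if crossing else ''}{target}: {category}")
```

Flows that cross a trust boundary are listed first because they are where review of the diagram usually starts; each row is a question to answer for that element, not a confirmed weakness.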