Threat modeling should be carried out regularly because new threats emerge from time to time. The process should be iterative: it should begin during the early design phases of an application and continue throughout the application's life cycle. There are two reasons for this. First, it is impossible to identify all potential threats in a single pass. Second, applications are rarely static and must be adapted and enhanced to suit the changing requirements of a business. As an application evolves, the threat modeling process should be repeated. The process consists of six phases:
1. Identifying the assets.
This involves identifying the valuable assets that the system must protect. The asset-centric approach entails classifying the assets a company entrusts to a software or system, i.e. the data that the system or software processes. The assets are categorized by data sensitivity and by their inherent value to potential attackers. This helps in prioritizing the risk levels.
2. Creating an architecture overview.
This stage involves documenting the functions of an application. It also covers the parts of the solution that involve the architecture, physical deployment, technologies and configuration. One should identify the potential vulnerabilities in the implementation or design of the application.
3. Decomposing the application.
This involves decomposing the application's architecture, including the underlying host and network infrastructure design, with the aim of creating a security profile for the application. The objective of the security profile is to uncover vulnerabilities in the deployment, implementation or design configuration of the application.
4. Identifying the threats.
This step involves keeping the aims of an attacker in mind and, with knowledge of the application's architecture and potential vulnerabilities, recognizing the potential threats that can affect the application.
5. Documenting the threats.
This stage involves documenting all the threats using a common threat template that defines a set of attributes for each identified threat.
6. Rating the threats.
This involves prioritizing the most critical threats and addressing them first. The rating process involves comparing the threat’s probability and the damage it might cause.
The output of the threat modeling process is a document for the IT project team members. It helps them clearly understand the threats that need to be addressed and how to address them.
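The documenting and rating steps can be kept as a small threat register. The Python below is an added example, not taken from any of the sources: the template attribute names, the 1-10 scales, the probability x damage score, the High/Medium/Low cut-offs and the sample threats are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

SCALE = range(1, 11)  # assumed 1-10 scale for both ratings

@dataclass(frozen=True)
class Threat:
    """One row of the threat template (attribute names are assumptions)."""
    threat_id: str
    description: str
    target_asset: str
    attack_technique: str
    countermeasure: str
    probability: int  # how likely the threat is to be realised, 1-10
    damage: int       # how severe the outcome would be, 1-10

    def __post_init__(self):
        # Reject ratings outside the agreed scale so scores stay comparable.
        for name in ("probability", "damage"):
            value = getattr(self, name)
            if value not in SCALE:
                raise ValueError(f"{self.threat_id}: {name}={value} outside 1-10")

    @property
    def risk(self) -> int:
        return self.probability * self.damage  # assumed rating: probability x damage

    @property
    def band(self) -> str:
        # Assumed cut-offs on the 1-100 score; tune them to the project.
        return "High" if self.risk >= 50 else "Medium" if self.risk >= 20 else "Low"

def rank(threats):
    """Most critical first; equal scores are ordered by damage, then id."""
    return sorted(threats, key=lambda t: (-t.risk, -t.damage, t.threat_id))

# Constructed sample register for a hypothetical web application.
REGISTER = [
    Threat("T1", "Attacker reads customer records", "customer database",
           "SQL injection in search form", "parameterised queries", 6, 10),
    Threat("T2", "Session cookie stolen in transit", "user session",
           "sniffing on unencrypted link", "TLS everywhere, Secure cookie flag", 3, 8),
    Threat("T3", "Verbose errors reveal stack details", "application server",
           "forcing exceptions", "generic error pages", 8, 2),
    Threat("T4", "Admin password guessed", "admin console",
           "online brute force", "lockout and MFA", 6, 10),
]

if __name__ == "__main__":
    for t in rank(REGISTER):
        print(f"{t.threat_id} {t.band:<6} risk={t.risk:>3} {t.description} -> {t.countermeasure}")
```

A frequent but low-damage threat such as T3 ranks below a rarer, high-damage one such as T2, which is the comparison the rating step calls for.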