In previous blogs you could already read about what threat modeling is, and about the 4 steps. In practice, however, threat modeling is more than just a technical analysis of your application. The threat landscape is constantly evolving, and so is your organisation. Therefore, you need to understand the technical and business context, and create doomsday scenarios.
As a result, you gain a broader insight into the threats to your application.
1. The ecosystem
Applications are not always stand-alone. On the contrary: they are mostly part of an ecosystem of applications. You need to find out how it works and how it supports your organisation. You also need to have a clear understanding of the security requirements. You should, for example, know what other applications or services the application is exchanging information with.
2. The business context
What business process is being performed or supported? What are the characteristics of that specific process? And how crucial is that process for your business? You also need to find out who is using the application and identify possible threat actors. In most cases, they fall into one of the following categories:
- Insider trusted: privileged users
- Insider untrusted: very regular users, contractors …
- External trusted: suppliers, partners, service providers …
- External untrusted: competitors, cybercriminals …
Finally, you need to identify the risks to your business: what is the impact, and what is the probability that a certain risk will occur?
3. The added value of threat modeling
Threat modeling is quite time-consuming and thus expensive. It is therefore only relevant for important applications: those that bring in a lot of revenue or handle important data for your organization.
4. Create doomsday scenarios
Doomsday scenarios are hypothetical situations: the worst that could happen for an application – and for your business. Creating doomsday scenarios helps you to proactively anticipate – and even prevent – possibly catastrophic events. You need to describe the following:
- Threat sources: who would be interested in compromising the application? Why would this be interesting for an attacker?
- Impact: what will be the impact of an attack? Some of the possibilities are theft, loss, corruption and disruption.
- How: how will the scenario be realized? Describe in detail how the attack would be performed.
These scenarios give feedback on your current security situation. You will discover more potential risks and steps to be taken to reduce these risks.
Source: Toreon blog