What is Threat Modeling .pptx
- 1. What is Threat Modeling? www.infosectrain.com | [email protected]
- 2. www.infosectrain.com | [email protected] With the enhancement of technology, cyber attackers use the latest tricks and techniques to access unauthorized data and perform malicious activities in the organization’s system or network. Unfortunately, this is due to many security vulnerabilities that go undetected, forming the attack surface.
- 3. www.infosectrain.com | [email protected] Table of Contents What is threat modeling? How does threat modeling work? Threat modeling methods Advantages of threat modeling Due to the impact of security vulnerabilities, cybersecurity professionals are deploying countermeasures to safeguard the systems, networks, or data. For such instances, threat modeling emerged to identify the vulnerabilities left undetected even after performing traditional security testing methods. What is threat modeling? Threat modeling is a process used by cybersecurity professionals to identify the application, system, network, or business process security vulnerabilities and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.
- 4. www.infosectrain.com | [email protected] How does threat modeling work? Threat modeling works by identifying the various types of threats that can affect an application or system. Organizations analyze software architecture, business context, and other artifacts while accomplishing threat modeling. In general, organizations perform threat modeling in the designing stage of an application to help developers identify the security vulnerabilities in their design, code, or deployment.
- 5. www.infosectrain.com | [email protected] Threat modeling methods Various types of threat modeling methods are used to protect from cyber threats. They are as follows: Attack tree: The attack tree is one of the oldest and most commonly used threat modeling methodologies, designed to develop a conceptual diagram illustrating how an asset or target is attacked, with the root node, leaves, and children nodes. This methodology is often combined with other threat modeling methods such as PASTA, STRIDE, etc. Common Vulnerability Scoring System (CVSS): CVSS is a standard threat modeling method used to help security teams access threats, identify the impact, and develop countermeasures. It helps organizations assess and prioritize vulnerability management processes.
- 6. www.infosectrain.com | [email protected] DREAD: It was also developed by Microsoft, which dropped in 2008 due to a lack of consistent ratings. Many other organizations use the DREAD methods to rank and assess security threats. •Damage potential: Ranks the severity of the threat •Reproducibility: Ranks how the attack is reproducing easily •Exploitability: Rating the effort required to initiate the attack •Affected users: Collecting the number of users affected if an attack becomes widely available •Discoverability: Rate how easy to identify the threat
- 7. www.infosectrain.com | [email protected] OCTAVE: The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) threat modeling methodology is a risk-based strategic assessment and planning method. It aims at assessing organizational risks in three phases: •Creating asset-based threat profiles •Identifying vulnerabilities •Developing and planning a security strategy PASTA: Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric methodology that provides threat identification, enumeration, and scoring. Because of its static framework, it is easy to implement and understands the risks of the application. STRIDE: It is a well-known threat modeling methodology developed by Microsoft that provides a mnemonic approach for identifying security threats in six types: •Spoofing: An attacker pretending as another user, component, or system feature to steal the data in the system. •Tampering: Replicating data in the system to achieve a malicious goal. •Repudiation: Due to the lack of evidence, the attacker can deny the malicious activities performed in the system. •Information disclosure: Making protected data accessible to unauthorized users. •Denial of Service: An attacker uses illegitimate methods to exhaust services required to serve users.
- 8. www.infosectrain.com | [email protected] TRIKE: TRIKE is a unique and open source threat modeling method that aims at security auditing processes from cyber risk management. It offers a risk-based approach with an individual risk modelling process. The Data Flow Diagram (DFD) is generated with the requirements to understand how the system stores and manipulates data—implementing mitigation controls to prioritize the threats and then developing a risk model based on the actions, roles, assets, and threats. VAST: Visual, Agile, Simple Threat Modeling (VAST) is an automated threat modeling method to differentiate the application and operational threat models. It is designed to integrate the workflows that require stakeholders such as developers, application architects, cybersecurity professionals, etc.
- 9. www.infosectrain.com | [email protected] Threat Hunting Professional training with InfosecTrain InfosecTrain is one of the best security and technology training providers that offer a wide range of IT security training and Information Security (IS) consulting services. It conducts a Threat Hunting Professional online training course to provide participants with a complete understanding of the threat hunting methodologies and frameworks.
- 10. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | [email protected]
- 12. Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | [email protected]
- 15. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 [email protected] www.infosectrain.com