Brain Dump

Threat Modelling

Tags
security

The [see page 49, first] step in secure software design (part of the SDLC), where potential threats are identified and prioritised.

[see page 49, Involves]:

  • Identifying assets and stakeholders.
  • Considering the architecture of the application and its environment.
  • Brainstorming about known threats.
  • Defining security assumptions.
  • Ranking threats by risk (roughly \( \text{impact} \times \text{likelihood} \)).

Goals and considerations:

  • Think about security issues early.
  • Understand your requirements better.
  • Decide which threats to respond to.
  • Decide how to mitigate these threats.
  • Where are the high-value assets?
  • Where am I most vulnerable to attack?
  • What are the most relevant threats?

Warning: [see page 52, Never] think good prevention makes detection and reaction unnecessary.

A core aspect of threat modelling is threat identification, which can be done using: