The power of threat modeling is that it makes you think about your system’s specific characteristics. It allows you to gain visibility around weaknesses that pose significant impact to your entire organization. This checklist explores four key ways to use threat modeling to avoid sink holes in your risk management process.
Identify threats that exist beyond canned attacks.
- Conduct standard canned sets of attacks to model risk against your software.
- Understand that standard attacks don’t always pose a risk to your system.
- Perform a threat model to identify attacks that are unique to how your system is built.
Identify where threat agents exist relative to the architecture.
- Model the location of threat agents, motivations, skills, and capabilities to identify where potential attackers are positioned in relation to your system’s architecture.
- Weigh the potential risk associated with an action against other threats.
- Invest time in developing and implementing controls to alleviate the highest amount of risk.
Identify top-N lists, attackers, and doomsday scenarios.
- Before starting any assessment activity, know the top risks and attacks your application faces.
- Develop a doomsday scenario to express extreme situations that threaten your organization.
- Build your software to account for these doomsday scenarios.
- Mitigate the risk associated with these doomsday scenarios.
- Create and update your threat models to keep frameworks ahead to top attacks, doomsday scenarios, and internal or external attackers relevant to your applications.
Identify components that need additional protection.
- Highlight assets, threat agents, and controls through threat modeling to determine which components are likely targets for attackers.
- Address weaknesses by adding additional security controls.
- Avoid risks by removing unrequired functionality.
Threat modeling is a systematic way to discover design-level flaws in the architecture of new and existing applications. Think like the bad people to build security in from the beginning and maintain a solid application security initiative in the future.