Threat Modeling

Introduction

Threat Modeling is not just for data, but also for people, places and assets.

Threat Modeling Techniques

STRIDE

• Spoofing [identity] — identifying authentication threats
• Tampering [with data] — identifying threats to data integrity
• Repudiation
• Information disclosure — identifying data stewardship threats and data leaks
• Denial of service — identifying threats to availability
• Elevation of privilege — identifying authorization vulnerabilities

DREAD

• Damage [potential]
• Reproducibility
• Exploitability
• Affected users
• Discoverability

PASTA

Process for Attack Simulation and Threat Analysis

TRIKE

Trike is a a data centric open source threat modeling methodology and tool.

OSSTMM

The Open Source Security Testing Methodology Manual by ISECOM includes testing, analysis, and measurement of operational security.

MIL-STD 882-E

• This system safety standard practice identifies the Department of Defense (DoD) Systems Engineering (SE) approach to eliminating hazards, where possible, and minimizing risks where those hazards cannot be eliminated. DoD Instruction (DoDI) 5000.02 defines the risk acceptance authorities.
• This Standard covers hazards as they apply to systems / products / equipment / infrastructure (including both hardware and software) throughout design, development, test, production, use, and disposal.
• When this Standard is required in a solicitation or contract but no specific task is identified, only Sections 3 and 4 are mandatory.
• The definitions in 3.2 and all of Section 4 delineate the minimum mandatory definitions and requirements for an acceptable system safety effort for any DoD system.