Threat modelling is defined as a process for identifying, enumerating, and prioritising potential threats, such as structural vulnerabilities, from the perspective of a hypothetical attacker.
The threat modelling process is broken down into stages:
- Threat model requirements and stakeholder management (Who are we building it for, and what are the agreed objectives for building the model)
- Developing threat models that might be applied to specific applications and industries.
- An assessment of existing threat modelling approaches such as PASTA (Marco Morana), OCTAVE, VAST, and STRIDE.
- MITRE ATT&CK, Courses of Action (CoA), and Indicator enumeration are some of the modelling tools for behaviour that have been evaluated.
- Threat models’ quality and consistency are measured.
- Threat models are being used to better inform incident management, needs, and intelligence gathering.
Steps in a Generic Threat Model
The generic steps for threat modeling’s fundamentals are as follows: ref
- The goal of the assessment: is to figure out what’s at stake. Identifying assets, understanding the capabilities given by the application, and valuing them are the checkpoints. Then there’s the less tangible stuff like reputation and goodwill to consider. We can identify the critical points as the assessment’s output based on these checkpoints.
- Definition of Threat Agents and Attacks: A critical component of the threat model is defining the many types of people that may be able to attack your system, including insiders and outsiders, making both inadvertent and deliberate mistakes, and the resulting impact on the likelihood of data leaks and breaches.
- Recognize the Countermeasures: Any model must take into account existing countermeasures; we cannot just declare (1) and (2) above as perfect as they are without a plan to improve them.
- Identify exploitable flaws: Once we have a good grasp of our systems’ security measures, we can do research on new probable weaknesses. The investigation is looking for flaws that link the potential assaults to the negative impacts we’ve uncovered.
- Prioritized detected risks: In threat modelling, prioritisation is crucial, because there are always a lot of risks that don’t get any attention. To define an overall risk or severity level, we can assess the number of likelihoods for each threat and examine its effect variables.
- Develop plans to mitigate the threat: Using the information gathered in steps 1 through 5, the next step is to devise countermeasures to lower the risk to acceptable levels.
Known Threat Models
- STRIDE
- Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and Associated Derivations
- is specifically designed to focus on IT related threat
- Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege) and Associated Derivations
- PASTA
- The Process for Attack Simulation and Threat Analysis
- is a widely used & adaptable applicable model, with threat simulation, focusing on Risks Centric methodology.
- The Process for Attack Simulation and Threat Analysis
- LINDDUN
- Linkability, Identifiability, Nonrepudiation, Detectability, Disclosure of information, Unawareness, Noncompliance) method
- is focused more on Data and Privacy related model
- Linkability, Identifiability, Nonrepudiation, Detectability, Disclosure of information, Unawareness, Noncompliance) method
- OCTAVE
- Operationally Critical Threat, Asset, and Vulnerability Evaluation
- is focused on Risk Management and organization related impact
- Operationally Critical Threat, Asset, and Vulnerability Evaluation
- VAST
- Visual, Agile, and Simple Threat Modelling
- scales threat modelling process across infrastructure & is focused on attacker
- Visual, Agile, and Simple Threat Modelling
- hTMM
- Hybrid Threat Modelling Method
- A hybrid type threat model which is focused on Attacker/Defender models, melds features of: Security Cards, Persona non Grata, and STRIDE
- Hybrid Threat Modelling Method
- qTMM
- Quantitative Threat Modelling Method
- A quantitative type threat model which is focused on Attacker/Defender models, melds features of Attack Trees, STRIDE, and CVSS
- Quantitative Threat Modelling Method
- TRIKE
- Open source threat modelling methodology and tool with unified conceptual framework for security auditing automated concept from a risk management perspective
- focused on Risks Measurement on calculating its stakeholders components (assets, roles, actions, risk exposure)
- Open source threat modelling methodology and tool with unified conceptual framework for security auditing automated concept from a risk management perspective
- Trees
- Attack Trees
- is focused on Attacker’s scheme, works in any steady implemented production/business/process scheme, that is developed further to become the killchain nowadays
- Attack Trees
- PnG
- Persona non Grata
- (Persona non Grata) has focused on attacks that represent archetypal personnel’s who behave in unwanted behaviours. Works perfectly to measure insider threat assessments
- Persona non Grata
Conclusion
Threat modelling can assist in making products more safe and reliable. Some models are more weighted to be used in specific sectors (Oil & Gas, Financial Services, Education, Health / Pharma etc) than others, while others are used in conjunction with others.
Consider any specific areas to target (risk, security, privacy), how often it must be performed, how much expertise the firm has with a specific threat model, how active stakeholders want to be, and so on when deciding which method is ideal for a business. ref
How Can ITM Help You?
IT Minister covers all aspects of Cyber Security including but not limited to Home cyber security managed solutions to automated, manage threat intelligence, forensic investigations, Mobile Device Management, Cloud security best practice & architecture and cyber security training. Our objective is to support organisations and consumers at every step of their cyber maturity journey. Contact Us for more information.