A Guide to Easy and Effective Threat Modeling

Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Effective threat modeling and threat management tools will help answer key questions, including:
Where are the high-value assets within the organization’s environment?
What surfaces of the organization’s environment are most vulnerable to attack?
What are the most relevant threats to the organization’s security?
Is there an attack vector that might go unnoticed?
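The four questions above can be answered mechanically once assets, attack surfaces and threats are written down. The following is an added illustration, not code from the article: a toy threat model in Python with a constructed scoring scheme (likelihood x asset value x surface exposure) and constructed sample entries, where a threat with no detection control is the "attack vector that might go unnoticed".

```python
from dataclasses import dataclass, field

# Constructed, illustrative model (not from the article); all scores are 1..5.
@dataclass
class Asset:
    name: str
    value: int            # business impact if the asset is compromised

@dataclass
class Surface:
    name: str
    exposure: int         # 5 = reachable unauthenticated from the Internet

@dataclass
class Threat:
    name: str
    surface: str          # entry point the attacker would use
    asset: str            # what the attacker is after
    likelihood: int
    mitigations: list = field(default_factory=list)   # preventive controls in place
    detections: list = field(default_factory=list)    # controls that would notice it

ASSETS = [Asset("customer PII database", 5), Asset("marketing pages", 1), Asset("code-signing key", 5)]
SURFACES = [Surface("login form", 5), Surface("admin console", 3), Surface("CI build agent", 2)]
THREATS = [
    Threat("credential stuffing", "login form", "customer PII database", 4,
           ["rate limiting", "MFA"], ["failed-login alerting"]),
    Threat("SQL injection in search", "login form", "customer PII database", 2,
           ["parameterised queries"], ["WAF logs"]),
    Threat("stolen admin session", "admin console", "customer PII database", 3,
           ["short session TTL"], []),
    Threat("rogue build step reads key", "CI build agent", "code-signing key", 2, [], []),
]

def risk(t, assets=ASSETS, surfaces=SURFACES):
    """Likelihood x asset value x surface exposure: a simple ranking, not a formal metric."""
    value = next(a.value for a in assets if a.name == t.asset)
    exposure = next(s.exposure for s in surfaces if s.name == t.surface)
    return t.likelihood * value * exposure

def high_value_assets(assets=ASSETS, threshold=4):           # Q1: where are the high-value assets?
    return [a.name for a in assets if a.value >= threshold]

def most_exposed_surfaces(surfaces=SURFACES):                 # Q2: which surfaces are most exposed?
    return [s.name for s in sorted(surfaces, key=lambda s: s.exposure, reverse=True)]

def ranked_threats(threats=THREATS):                          # Q3: which threats matter most?
    return [(t.name, risk(t)) for t in sorted(threats, key=risk, reverse=True)]

def unnoticed_vectors(threats=THREATS):                       # Q4: what would go unnoticed?
    return [t.name for t in threats if not t.detections]
```

Running `ranked_threats()` on the sample model puts credential stuffing first, and `unnoticed_vectors()` flags the two threats that have mitigations (or nothing) but no detection, which is where detection engineering effort should go next.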

How Threat Modeling Benefits Different Roles

Aside from answering the above questions, each team member who participates in the threat modeling process gains valuable experience, learns best practices and, ultimately, contributes in a unique way to the security of the product and organization at large. Managers will gain a clearer picture of the threats that their products face and have documented proof of due diligence if requested by a customer.
The developers who prepare the threat model must consider the dangers that threaten the product and will be more apt to adopt secure coding practices when they understand the vulnerabilities in the environment. Any quality assurance (QA) staff looped into the process will become more aware of the threat scenarios they should be incorporating into their testing activities.
The Importance of Threat Modeling as Part of Project Readiness

Many believe that app scanning and penetration testing are sufficient to defend security gaps, but we need to co ..