What is Threat Modeling

In computer security, threat modeling is the act of evaluating what needs to be protected and then determining what steps you are willing to take to achieve sufficient protection. Threat modeling accounts for the fact that there are numerous different security risks inherent in using computers, and the risks can vary by user and by organization. As a result, there are many different security measures that individuals and organizations may need to implement, or that may not be worth implementing given their limited resources, depending on the specific threats they face.

BREAKING DOWN Threat Modeling

To understand threat modeling, think about your personal computer. What do you need to protect? You don’t want an intruder to gain access to sensitive personal information such as your passwords, tax returns, and emails. You also wouldn’t want someone to steal the computer itself. To evaluate your risk, you would identify what sensitive data is stored on your computer, who has access to your computer, and how you are currently protecting your files and your device. Next, you would consider who might want these things: perhaps criminal hackers and burglars. Who else do you need to protect your device and your information from? Maybe an ex-spouse who has ill will toward you or others who live in your household, such as your children.

If the wrong person accessed or stole your computer or your files, what could they do with them that would harm you? Criminal hackers could not only steal your identity with the information on your computer but also make your life difficult by taking away your access to all your files unless you had them backed up securely.

How you decide to defend yourself depends on how strong your potential attackers are and how much risk they pose. If your child is two years old, your computer might be at risk of getting knocked on the floor or having the keyboard damaged by spilled liquids, and your files might be at risk of accidental deletion. Keeping your computer in a locked room or locked cabinet might be sufficient to protect against that risk. Criminals gaining unauthorized access to your computer through the Internet are a much bigger threat that will require you to take measures like installing antivirus and firewall software.

Threat modeling is a personalized process that depends on the individual or organization’s priorities and risk tolerance. Threat modeling is always incomplete, however, because we can never know all the risks associated with computer use. Hackers are always developing new techniques and finding security flaws in developed software. Threat modeling does its best to identify risks, then prioritizes the order in which they should be addressed.

Threat modeling can help organizations understand their true risk of various threats so they can implement the security controls that best limit those risks rather than the security controls that are the most popular or well known. Common threat modeling techniques include Trike, PASTA (Process for Attack Simulation and Threat Analysis), CAPEC (Common Attack Pattern Enumeration and Classification), and Microsoft STRIDE (STRIDE stands for spoofing identity, tampering with data, repudiation, information disclosure, denial of service, and elevation of privilege—all potential threats to a system and its data).

In an enterprise that wanted to evaluate the security risks to one of its systems, threat modeling would consist of gathering and reviewing any system documentation; bringing together a group of people who are experienced with using, designing, supporting and managing that system; discussing the system architecture and thinking strategically about what could go wrong; considering what can be done about it; and documenting the group’s discoveries and observations.
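The "what could go wrong" step of such a session can be seeded mechanically, shown here as an added example that is not part of the original article. It goes beyond the text by using the STRIDE-per-element convention (an assumption: the commonly used mapping of STRIDE categories to data-flow-diagram element types), and the sample system, the `Element` type, and the trust-boundary ordering are constructed for illustration.

```python
from dataclasses import dataclass

# STRIDE categories as named in the article.
STRIDE = {
    "S": "Spoofing identity",
    "T": "Tampering with data",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element chart: categories that usually apply to each kind of
# data-flow-diagram element (assumption: the commonly used mapping).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",  # R applies mainly when the store holds logs
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # one of the APPLICABLE keys
    crosses_trust_boundary: bool = False

def enumerate_threats(elements):
    """Return (element, category) prompts, boundary-crossing elements first."""
    rows = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {el.kind!r}")
        for letter in APPLICABLE[el.kind]:
            rows.append((el, STRIDE[letter]))
    # Stable sort: elements that touch a trust boundary are discussed first.
    rows.sort(key=lambda row: not row[0].crosses_trust_boundary)
    return rows

# Constructed sample system (not from the article): a small web application.
SYSTEM = [
    Element("Customer browser", "external_entity", True),
    Element("HTTPS request", "data_flow", True),
    Element("Web application", "process"),
    Element("Customer database", "data_store"),
]

if __name__ == "__main__":
    for el, threat in enumerate_threats(SYSTEM):
        print(f"{el.name:<18} {el.kind:<16} {threat}")
```

Each printed row is a prompt for the group to discuss and document, not a confirmed finding.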

Threat modeling should always be performed in a systematic way, but different approaches may be used depending on the needs of the organization and the people performing it. Threat modeling is commonly performed by software developers, systems managers, and security professionals, but anyone can learn how to do at least some aspects of it. By being proactive, threat modeling can help software, computer services, and computer systems be more secure from the moment they are released, limiting damage to the company and its customers.