Cyber Threat Modeling

What is Threat Modeling?

Cyber threat modeling is a process whose goal is to identify the types of threats that can cause harm to an application, network or computer system. It is a method for enhancing network security by setting objectives, detecting flaws, and developing countermeasures to either avoid or mitigate the impact of cyber-attacks against the system. 

Simply speaking, threat modeling is taking the time to focus on any given area, consider the threats it faces and test out a course of action to mitigate them.  

Taking the perspective of a malicious threat actor, organizations can approach securing their network, application or system by considering how a malicious actor would try to enter their system or do other damage. Cyber security threat modeling typically takes place at the design or development stage to justify and determine security measures needed.

In short, creating a cyber threat intelligence model involves looking at your network, system or application, identifying the weak spots, coming up with mitigation strategies, implementing them, and making sure they work.


What is the Threat Modeling Process?

The process of threat modeling involves 5 main steps:

  1. Define the scope and depth of your project. Decide which part of your organization you want to apply threat modeling to. Identify which assets are critical and need protection, which applications may be most vulnerable, and where your greatest risks lie.
    It is also important to define who you are building the threat model for and what the agreed objectives are. Is it for the application developers? Network administrators? Or is it for everyone involved in a particular project or segment of the organization?
  2. Know your system. Create a network and application diagram to gain a visual understanding of exactly where your assets are and how everything is connected. The OWASP Threat Dragon is a cyber threat modeling tool used to create threat model diagrams as part of a secure development lifecycle.
    Also consider who may be likely to threaten your organization and why. This will shape how you approach securing it.
  3. Identify the threats and vulnerabilities. What could go wrong? Define the threat or vulnerability you are modeling. Now is also a great time to prioritize which of these threats are most urgent, according to their likelihood and the impact they’d have if they were to take place. Not every threat will warrant mitigation; some can be accepted or ignored. Remember to research commonly known exploitable vulnerabilities to ensure you have covered everything connected to your scope.
  4. Mitigate threats. Determine how to mitigate or remediate the identified threats and get the fixes implemented! In threat modeling, mitigations are also referred to as countermeasures. Consider how each control will counter specific threats.
  5. Test to see if threats have indeed been mitigated.

Bonus step: Repeat. Threat modeling is most effective when continually implemented to stay up to date with your system and network.

If the threat modeling process sounds overwhelming, just remember that cyber attack threat modeling doesn’t need to be all or nothing. It can be limited in scope to a particular asset or network, to a particular threat or vulnerability. 
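The steps above can be tracked in a small threat register. The following is an added example, not code from the original page: the 1-5 likelihood and impact scales, the acceptance threshold, the field names and the sample threats are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Threat:
    # The 1-5 ordinal scales are this example's assumption; the page only says
    # to prioritize by likelihood and impact.
    name: str
    likelihood: int          # 1 (rare) .. 5 (expected)
    impact: int              # 1 (minor) .. 5 (severe)
    decision: str = "open"   # step 3/4 outcome: "open", "mitigate" or "accept"
    control: str = ""        # step 4: the countermeasure chosen
    verified: bool = False   # step 5: a test showed the control works

    @property
    def priority(self) -> int:
        return self.likelihood * self.impact


def triage(threats, accept_below=5):
    """Rank threats (step 3) and list the ones steps 4-5 have not closed."""
    ranked = sorted(threats, key=lambda t: t.priority, reverse=True)
    unresolved = []
    for t in ranked:
        if t.decision == "accept":
            if t.priority >= accept_below:   # too risky to simply accept
                unresolved.append((t.name, "accepted above threshold"))
        elif t.decision == "mitigate":
            if not t.control:
                unresolved.append((t.name, "no control assigned"))
            elif not t.verified:
                unresolved.append((t.name, "control not tested"))
        else:
            unresolved.append((t.name, "no decision"))
    return ranked, unresolved


# Constructed register for a hypothetical customer portal (the step 1 scope).
REGISTER = [
    Threat("Credential stuffing on login", 4, 4, "mitigate", "MFA + rate limit", True),
    Threat("SQL injection in search", 3, 5, "mitigate", "parameterized queries"),
    Threat("Audit log tampering by admin", 2, 4, "accept"),
    Threat("Verbose error pages", 2, 2, "accept"),
    Threat("Backup bucket publicly readable", 3, 5),
]

if __name__ == "__main__":
    ranked, unresolved = triage(REGISTER)
    for name, reason in unresolved:
        print(f"UNRESOLVED  {name}: {reason}")
```

Re-running the triage after each change to the system is one way to apply the "Repeat" step: anything it lists still needs a decision, a control or a test.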


Threat Modeling Methods

There are different methodologies that provide ways to assess the threats facing your IT assets. Here are some of the most common:

  • STRIDE – STRIDE was developed by Microsoft and stands for 6 categories of security threats:
    • Spoofing
    • Tampering
    • Repudiation
    • Information Disclosure
    • Denial of Service
    • Elevation of Privilege.

Centraleyes Expert Tip! Check out the OWASP Threat Dragon tool if you’re using the STRIDE methodology.

  • DREAD – First created by Microsoft but later set aside over doubts about its subjectivity, DREAD threat modeling is still used by many organizations, including OpenStack, Fortune 500 companies and small businesses. DREAD is a framework that uses an ordinal scale to evaluate threats. It represents:
    • Damage Potential
    • Reproducibility
    • Exploitability
    • Affected Users
    • Discoverability 
  • P.A.S.T.A – Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat modeling technique that provides a step-by-step process for bringing risk analysis and context into an organization’s overall security strategy from the outset.
  • Common Vulnerability Scoring System (CVSS) – The Common Vulnerability Scoring System (aka CVSS Scores) provides a numerical representation of the severity of infosec vulnerabilities on a scale of 1-10.
  • TRIKE – TRIKE is a methodology and tool for threat modeling. It is an open source project that was started in 2006 as an effort to increase the efficacy and efficiency of existing threat modeling approaches, and it is still being utilized and developed today.
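STRIDE and DREAD are often used together: STRIDE to enumerate candidate threats for each element of the system diagram, DREAD to rank the ones that apply. The following is an added example, not code from the original page or from Microsoft: the element-to-category mapping is the commonly used "STRIDE-per-element" convention, and the 1-10 rating scale, the averaging, the diagram and the ratings are assumptions constructed for illustration.

```python
# STRIDE categories that apply to each data-flow-diagram element type. This is
# the commonly used "STRIDE-per-element" mapping, not something the page states.
# (Repudiation applies to a data store only when it holds logs; omitted here.)
STRIDE_PER_ELEMENT = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege"],
    "data_store": ["Tampering", "Information Disclosure", "Denial of Service"],
    "data_flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}
DREAD_FACTORS = ("damage", "reproducibility", "exploitability",
                 "affected_users", "discoverability")

def enumerate_threats(elements):
    """List (element, STRIDE category) candidates for every diagram element."""
    return [(name, cat) for name, kind in elements
            for cat in STRIDE_PER_ELEMENT[kind]]

def dread_score(ratings, lo=1, hi=10):
    """Mean of the five DREAD ratings; the 1-10 scale is this example's choice."""
    missing = set(DREAD_FACTORS) - set(ratings)
    if missing:
        raise ValueError(f"missing DREAD factors: {sorted(missing)}")
    for factor in DREAD_FACTORS:
        if not lo <= ratings[factor] <= hi:
            raise ValueError(f"{factor} rating outside {lo}-{hi}")
    return sum(ratings[f] for f in DREAD_FACTORS) / len(DREAD_FACTORS)

def rank(rated):
    """Return [(score, (element, category)), ...], highest score first."""
    return sorted(((dread_score(r), key) for key, r in rated.items()),
                  reverse=True)

# Constructed diagram and ratings for a hypothetical web shop.
DIAGRAM = [("Browser user", "external_entity"), ("Checkout API", "process"),
           ("Orders DB", "data_store"), ("API -> DB", "data_flow")]
RATED = {
    ("Checkout API", "Elevation of Privilege"): dict(
        damage=9, reproducibility=6, exploitability=5, affected_users=8, discoverability=4),
    ("Orders DB", "Information Disclosure"): dict(
        damage=8, reproducibility=8, exploitability=6, affected_users=9, discoverability=6),
    ("API -> DB", "Denial of Service"): dict(
        damage=4, reproducibility=7, exploitability=6, affected_users=5, discoverability=3),
}

if __name__ == "__main__":
    print(len(enumerate_threats(DIAGRAM)), "candidate threats")
    for score, (element, category) in rank(RATED):
        print(f"{score:.1f}  {element}: {category}")
```

Requiring all five ratings and rejecting out-of-range values keeps a partly filled-in row from skewing the ranking, which matters given the subjectivity concern noted for DREAD.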

Integrating Cyber Threat Modeling into the Software Development Lifecycle (SDLC)

One of the key aspects of effective cyber security threat modeling is its integration into the Software Development Lifecycle (SDLC). By incorporating threat modeling early in the development process, organizations can proactively address security concerns, reduce vulnerabilities, and ensure the overall robustness of their systems. Here’s how threat modeling fits into different stages of the SDLC:

1. Requirements Gathering

During the initial phase of SDLC, threat modeling helps identify security requirements. This ensures that security considerations are woven into the fabric of the application from the outset.

2. Design and Architecture

Threat modeling aids in making informed architectural decisions by considering potential threats and vulnerabilities. This involves designing security controls that align with the identified risks. Implementing threat modeling tools like OWASP Threat Dragon during the design phase assists in creating visual representations of the application’s threat landscape.

3. Implementation

Threat modeling guides developers in implementing secure coding practices. This includes addressing specific threats identified during modeling and applying coding standards that mitigate potential risks.

4. Testing

Use threat modeling to inform the creation of test scenarios that simulate real-world cyber threats. This ensures that the implemented security measures are effective under various conditions. In addition, you can integrate threat modeling results into vulnerability assessments to validate that the identified threats have been adequately mitigated.

5. Deployment and Beyond

Threat modeling informs decisions about configuration settings and access controls during deployment. Threat modeling is an iterative process. Even after deployment, organizations should continuously monitor and update their threat models to adapt to evolving threats and changes in the application.

Incorporating threat modeling into the SDLC enhances the security posture of the developed software and contributes to a more cost-effective and streamlined development process. It allows organizations to identify and address security concerns early, preventing the need for extensive rework and reducing the likelihood of security breaches.

Use threat models to better inform incident management and requirements, drive intelligence outputs, improve detection and preventative controls, and better identify gaps in detection and response strategies.
