top of page
Writer's pictureJoseph Martinos

What is Threat Modelling and Why do we need it



Introduction

While the topic of Threat Modelling has been explored extensively, I want to share my unique journey and insights into this critical aspect of Cybersecurity. My initial exposure to Threat Modelling occurred while preparing for the CISSP exam a couple of years ago. Subsequently, I had the opportunity to apply this knowledge in the real world when I assumed the role of Senior Cybersecurity Advisor at the National Bank of Canada.

In this blog post, I aim to demystify Threat Modelling, offering a straightforward definition, emphasizing its vital role in the field of Cybersecurity, and introducing various methodologies commonly employed in the industry. Without further ado, let's dive in.


Understanding Threat Modelling

In simple terms, Threat Modelling is a systematic and structured approach to identify, evaluate, and mitigate potential security threats and vulnerabilities within software, systems, or processes. This practice equips Cybersecurity professionals to anticipate threats, envision how they could exploit vulnerabilities, and assess the potential impact.


The Value of Threat Modelling

Threat Modelling adds significant value by allowing organizations to proactively protect their critical assets. This approach enables early threat detection during system development, minimizing potential risks. By addressing security concerns during the planning and design phases, organizations can avoid the exorbitant costs associated with fixing security issues in production or responding to data breaches. This ultimately leads to long-term cost savings.

Threat Modelling empowers organizations to make informed decisions regarding security investments, resource allocation, and risk tolerance.


Approaching Threat Modelling

  1. Understanding Business Context: Begin by comprehending the business need. For instance, if you're implementing an e-commerce platform, the business need is online sales. Understanding this context helps identify potential threats.

  2. Decomposing the Environment: This phase involves gaining a granular understanding of the product's logic, defining components (e.g., EC2 instances, S3 buckets), outlining trust boundaries (on-premises, cloud), and understanding data flow between components. Identifying existing security controls (encryption, security groups, firewalls) is crucial.

  3. Determining Threat Scenarios: With a clearer understanding of the environment, identify potential threat scenarios. Utilize well-known frameworks like STRIDE, MITRE ATT&CK, PASTA, DREAD, or Attack Tree. Each framework offers a unique perspective on threat identification. For example, STRIDE focuses on Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege, while MITRE ATT&CK categorizes cyber adversaries' tactics, techniques, and procedures (TTPs).

  4. Testing Security Controls: Once threats are identified, evaluate the effectiveness of your security controls. Determine mitigation strategies if needed and perform a comprehensive risk analysis to assess the impact and probability of threats on your system.

Involving Key Stakeholders

Threat Modelling cannot be accomplished in isolation. Engage the following key teams in your Threat Modelling exercise:

  • Solution Architect Team: Responsible for designing the system and its components, they provide vital insights into implemented security controls and system functionality.

  • Development Team: They play a crucial role in building secure systems and ensuring security is integrated throughout the development lifecycle.

  • IT and Operations Team: These teams manage the organization's infrastructure, including networks and servers, making their knowledge of network infrastructure, system configurations, and application integration indispensable for effective threat modelling.

  • Business or Process Owners: Their input regarding critical assets, business processes, and risk tolerance is invaluable. Their involvement ensures alignment with the organization's strategic goals.

Key Takeaways

While conducting Threat Modelling, it's essential to aim for realistic scenarios rather than perfection. Cyber threats evolve continuously, necessitating updates to your Threat Modelling approach. When dealing with unfamiliar technologies, don't hesitate to seek advice from specialists within your organization or conduct research. Information is readily available; we need only to find and comprehend it.

In conclusion, Threat Modelling stands as a critical pillar of Cybersecurity, enabling organizations to bolster their security posture. While this post serves as an introductory guide, it offers valuable insights for those curious to delve deeper into the topic.


Recommended readings and workshops:


372 views0 comments

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page