Threat Modeling Exercise

Every organization strives to become as efficient as possible, and to do so there needs to be a clear focus on what should be done to reach the expected level. In many cases organizations are not considering threats and risks that are relevant to their business, and in some cases even focusing mostly on threats that should not be of high priority to business. In order to find potential threats, we can use a technique called Threat Modeling to explore threats and countermeasures/mitigations, which can then be used by the customer to prioritize risks that are relevant to the organization.

This exercise is applicable not only to software development but to anflow that is susceptible to manipulation. Threat Modeling is also a very good tool to raise security awareness in teams and to establish documentation of the current security situation to help prioritizing future security work. 

During typical exercise we coach teams and employees to think like a malicious actorWe break down applications and business flows and help teams pinpoint where the organization might be vulnerable to different forms of threats and manipulation techniques. 

A typical Threat Modeling session consists of: 

  • Introduction to the Threat Modeling concept. 
  • What threats are out there? 
  • Differences between Threat Modeling based on assets, dataflows/use cases, and adversaries. 
  • How to break down flows and use cases in software development. 
  • Whiteboard exercises in flows and trust boundaries. 
  • Mitigation techniques. 
  • How to document findings and results (formalinformal). 
  • Threat Modeling standards (STRIDE, Attack Trees, PASTAKill chains etc.). 
  • Tooling support. 

 

Threat Modeling exercises can be performed on-site or remotely. 

Haven't found what you are looking for?

Our team of experts loves questions.

Contact us

[mc4wp_form id="2129"]

Cookie Information
We use cookies for this website to work properly for you. By continue to navigate this website, you agree to this. Read more about cookies here and our Privacy Policies here. 

[mc4wp_form id="2129"]

Cookie Information
We use cookies for this website to work properly for you. By continue to navigate this website, you agree to this. Read more about cookies here and our Privacy Policies here.