Threat Modeling Exercise
Every organization strives to become as efficient as possible, and to do so there needs to be a clear focus on what should be done to reach the expected level. In many cases organizations are not considering threats and risks that are relevant to their business, and in some cases even focusing mostly on threats that should not be of high priority to business. In order to find potential threats, we can use a technique called Threat Modeling to explore threats and countermeasures/mitigations, which can then be used by the customer to prioritize risks that are relevant to the organization.
This exercise is applicable not only to software development but to any flow that is susceptible to manipulation. Threat Modeling is also a very good tool to raise security awareness in teams and to establish documentation of the current security situation to help prioritizing future security work.
During a typical exercise we coach teams and employees to think like a malicious actor. We break down applications and business flows and help teams pinpoint where the organization might be vulnerable to different forms of threats and manipulation techniques.
A typical Threat Modeling session consists of:
- Introduction to the Threat Modeling concept.
- What threats are out there?
- Differences between Threat Modeling based on assets, dataflows/use cases, and adversaries.
- How to break down flows and use cases in software development.
- Whiteboard exercises in flows and trust boundaries.
- Mitigation techniques.
- How to document findings and results (formal, informal).
- Threat Modeling standards (STRIDE, Attack Trees, PASTA, Kill chains etc.).
- Tooling support.
Threat Modeling exercises can be performed on-site or remotely.