GRC Viewpoint

Threat Modelling, the Latest Focus in Enterprise Security

Attackers keep inventing new ways to exploit vulnerabilities. As a result, IT teams have no option but to develop methods that can counter these attacks.

In response, cyber security experts are implementing a wide range of countermeasures to keep crucial information secure and reduce vulnerability. The recent surge of interest in threat modeling reflects the urgency of the situation.


What is threat modeling?

Threat modeling is an extensive, structured process that aims to:

- Pinpoint security threats
- Identify possible vulnerabilities
- Identify and assess security requirements
- Quantify critical vulnerabilities
- Arrive at remediation methods and prioritize the most suitable ones for the specific scenario

Although threat modeling can be conducted at any point during development, experts recommend performing it at the beginning of the project concerned. That way, threats are easier to identify early and can be curbed before they turn into vulnerabilities.

The threat modeling process is extensive: it involves defining an organization's assets and identifying the function each application serves in the overall environment. The next step is to arrive at a security profile for every application. This is an ongoing process of identifying and prioritizing potential vulnerabilities. Finally, the events that could have a harmful impact are documented along with the action plans intended to counter them.


Threat modeling is hardly a recent approach to cyber security. As an early example, Microsoft introduced the STRIDE threat model in the late 1990s.

STRIDE stands for:

- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege

Now, there are several threat modeling approaches and strategies, all of which have the fundamental objective of identifying possible risks.
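The process and the STRIDE categories described above can be combined into a small threat register. The sketch below is an added example, not code from the article or from Microsoft. It assumes the commonly used STRIDE-per-element chart, a constructed four-element model, and a simple asset value times exposure score for prioritization.

```python
from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Assumption (not from the article): the STRIDE-per-element chart, which
# limits each kind of diagram element to the categories that usually apply.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",   # R mainly matters when the store holds logs
    "data_flow": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str          # key of APPLICABLE
    asset_value: int   # 1 (low) .. 5 (critical), set by the asset owner
    exposure: int      # 1 (internal only) .. 5 (internet-facing)

def enumerate_threats(model):
    """Return one register row per (element, applicable STRIDE category)."""
    rows = []
    for el in model:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind: {el.kind!r}")
        for letter in APPLICABLE[el.kind]:
            rows.append({
                "element": el.name,
                "threat": STRIDE[letter],
                "priority": el.asset_value * el.exposure,  # assumed scoring
                "action_plan": "TBD",  # filled in during review
            })
    # Highest priority first; ties keep model order because sort is stable.
    return sorted(rows, key=lambda r: -r["priority"])

# Constructed sample model of a small web application.
SAMPLE_MODEL = [
    Element("browser user", "external_entity", 2, 5),
    Element("login service", "process", 5, 5),
    Element("customer database", "data_store", 5, 2),
    Element("service-to-database link", "data_flow", 4, 2),
]

if __name__ == "__main__":
    for row in enumerate_threats(SAMPLE_MODEL):
        print(f'{row["priority"]:>2}  {row["element"]:<26} {row["threat"]}')
```

Each row's `action_plan` field is where the documented countermeasure goes once the team has reviewed the threat.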
