Threat Modelling Methodologies

1
Threat Modelling
Methodologies
2
Benefits of Cyber Threat Modeling at a Glance

• It allows CTOs to protect their enterprise in the
  digital realm. Essential resources are redirected
  so that cyber security experts can keep their
  enterprise protected.
• Cyber threat mitigation plans are prepared on
  priority in a bid to ensure that cyber security
  solutions can be readily implemented.
• It allows CTOs to ensure that defense mechanisms
  are periodically updated, in line with
  ever-evolving cyber threats.
• Security vulnerabilities in proprietary software
  are patched on time before they can be exploited
  by cybercriminals.

3

• An experienced threat response consultant would
  rely on STRIDE cyber threat modeling methodology
  from the get-go. This threat model is the
  brainchild of engineers at Microsoft. One of the
  compelling upsides of this threat model is its
  ability to evaluate individual systems.
• STRIDE can be used to detect threats such as
• Spoofing users or programs that pretend to be
  something or someone they are not.
• Tampering a modified section of source code in
  a website or app that can be used as a backdoor
  to gain illegal access.
• Repudiation instances when threat events go
  unnoticed.
• Information disclosure in the form of leaked or
  exposed business-critical data.
• Denial of service (DoS) where a website crashes
  and become unavailable for business use due to
  online traffic overload from spam sources.
• Elevation of privilege where cybercriminals
  give themselves admin-level clearance to a system
  of an enterprise and carry out a full-blown cyber
  attack.

STRIDE -Threat Modeling
4

• As per the spokesperson of a revered provider of
  cyber security consulting services, PASTA is yet
  another revered cyber threat modeling
  methodology.PASTA is the abbreviation for
  Process for Attack Simulation and Threat
  Analysis. It is a cyber attacker-centric
  methodology that entails seven steps.The steps
  are as follows -The business objectives are
  first defined.
• The next step is defining the technical scope of
  components and assets.
• The next step is the decomposition of the
  affected application and identifying its set of
  controls that have been compromised.
• The following step is the analysis of threat(s)
  which is based on threat intelligence.
• After that, the affected software or sections in
  the affected IT infrastructure will be scanned
  for vulnerabilities.
• Following that, detailed modeling of the attack
  will commence and then
• A risk analysis will commence followed by the
  development of countermeasures.

PASTA Cyber Threat Modeling Methodology
5

• CVSS stands for Common Vulnerability Scoring
  System. It is a standardized cyber threat scoring
  system. It allows a cyber security expert to
  assign scores to known cyber threats.This system
  entails a design that allows cyber security
  experts
• Run treat assessments
• Apply and assess threat intelligence
• Identify the impact of a cyber-attack and
• Identify the countermeasures that are being used
  by an enterprise against incoming threats in
  real-time.
• Cyber resilience should be the norm in small,
  medium and large-scale enterprises. Cyber threat
  has exacted a heavy toll on the online community,
  posing constant fear of the breach of sensitive
  data. So threat modelling is taking a step back,
  assessing your organizations digital and network
  assets, identifying weak spots, determining what
  threats exist, and developing plans to protect or
  recover. The best results can only be achieved by
  hiring a third party that excels in offering
  cybersecurity solutions.

CVSS Threat Modeling Methodology
6
THANKYOU