Still in development

Threat Modeling

Threat modeling is an exercise to understand how attackers may be able to compromise a system and then make the appropriate mitigations to thwart the potential threats. Typically, threat modeling is an exercise that takes place before deployment to production systems as part of the design phase but can also be used in the beginning stages of any security testing. Threat modeling will usually include the following activities:

  1. Identifying all assets in a system, creating an architecture overview
  2. Decomposing the system (or device)
  3. Identification of threats
  4. Document all the threats with their respective scenarios, and
  5. Rate each threat by its likelihood as well as impact using a rating system

Common rating systems used are DREAD, and CVSS but several others are also available.

Considerations (Disclaimer: The List below is non-exhaustive):

  • TBD

Additional References

results matching ""

    No results matching ""