Threat Modelling Methodologies - PowerPoint PPT Presentation

About This Presentation
Title:

Threat Modelling Methodologies

Description:

An experienced threat response consultant would rely on STRIDE cyber threat modeling methodology from the get-go. This threat model is the brainchild of engineers at Microsoft. One of the compelling upsides of this threat model is its ability to evaluate individual systems. – PowerPoint PPT presentation

Number of Views:4
Slides: 7
Provided by: katherinewilliams
Tags:

less

Transcript and Presenter's Notes

Title: Threat Modelling Methodologies


1
Threat Modelling
Methodologies
2
Benefits of Cyber Threat Modeling at a Glance
  • It allows CTOs to protect their enterprise in the
    digital realm. Essential resources are redirected
    so that cyber security experts can keep their
    enterprise protected.
  • Cyber threat mitigation plans are prepared on
    priority in a bid to ensure that cyber security
    solutions can be readily implemented.
  • It allows CTOs to ensure that defense mechanisms
    are periodically updated, in line with
    ever-evolving cyber threats.
  • Security vulnerabilities in proprietary software
    are patched on time before they can be exploited
    by cybercriminals.

3
  • An experienced threat response consultant would
    rely on STRIDE cyber threat modeling methodology
    from the get-go. This threat model is the
    brainchild of engineers at Microsoft. One of the
    compelling upsides of this threat model is its
    ability to evaluate individual systems.
  • STRIDE can be used to detect threats such as
  • Spoofing users or programs that pretend to be
    something or someone they are not.
  • Tampering a modified section of source code in
    a website or app that can be used as a backdoor
    to gain illegal access.
  • Repudiation instances when threat events go
    unnoticed.
  • Information disclosure in the form of leaked or
    exposed business-critical data.
  • Denial of service (DoS) where a website crashes
    and become unavailable for business use due to
    online traffic overload from spam sources.
  • Elevation of privilege where cybercriminals
    give themselves admin-level clearance to a system
    of an enterprise and carry out a full-blown cyber
    attack.

STRIDE -Threat Modeling
4
  • As per the spokesperson of a revered provider of
    cyber security consulting services, PASTA is yet
    another revered cyber threat modeling
    methodology.PASTA is the abbreviation for
    Process for Attack Simulation and Threat
    Analysis. It is a cyber attacker-centric
    methodology that entails seven steps.The steps
    are as follows -The business objectives are
    first defined.
  • The next step is defining the technical scope of
    components and assets.
  • The next step is the decomposition of the
    affected application and identifying its set of
    controls that have been compromised.
  • The following step is the analysis of threat(s)
    which is based on threat intelligence.
  • After that, the affected software or sections in
    the affected IT infrastructure will be scanned
    for vulnerabilities.
  • Following that, detailed modeling of the attack
    will commence and then
  • A risk analysis will commence followed by the
    development of countermeasures.

PASTA Cyber Threat Modeling Methodology
5
  • CVSS stands for Common Vulnerability Scoring
    System. It is a standardized cyber threat scoring
    system. It allows a cyber security expert to
    assign scores to known cyber threats.This system
    entails a design that allows cyber security
    experts
  • Run treat assessments
  • Apply and assess threat intelligence
  • Identify the impact of a cyber-attack and
  • Identify the countermeasures that are being used
    by an enterprise against incoming threats in
    real-time.
  • Cyber resilience should be the norm in small,
    medium and large-scale enterprises. Cyber threat
    has exacted a heavy toll on the online community,
    posing constant fear of the breach of sensitive
    data. So threat modelling is taking a step back,
    assessing your organizations digital and network
    assets, identifying weak spots, determining what
    threats exist, and developing plans to protect or
    recover. The best results can only be achieved by
    hiring a third party that excels in offering
    cybersecurity solutions.

CVSS Threat Modeling Methodology
6
THANKYOU
Write a Comment
User Comments (0)
About PowerShow.com