What is Threat Modeling? - PowerPoint PPT Presentation

About This Presentation
Title:

What is Threat Modeling?

Description:

Threat modeling is a process used by cybersecurity professionals to identify security vulnerabilities in an application, system, network, or business process and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.

Slides: 16
Provided by: infosectrain

Transcript and Presenter's Notes

Title: What is Threat Modeling?


1
What is Threat Modeling?
www.infosectrain.com sales_at_infosectrain.com
2
As technology advances, cyber attackers use the latest tricks and techniques to gain unauthorized access to data and perform malicious activities in an organization's system or network. Unfortunately, this is due to many security vulnerabilities that go undetected, forming the attack surface.
3
Table of Contents
  • What is threat modeling?
  • How does threat modeling work?
  • Threat modeling methods
  • Advantages of threat modeling
Due to the impact of security vulnerabilities, cybersecurity professionals are deploying countermeasures to safeguard systems, networks, or data. Threat modeling emerged to identify the vulnerabilities left undetected even after traditional security testing methods have been performed.
What is threat modeling?
Threat modeling is a process used by cybersecurity professionals to identify security vulnerabilities in an application, system, network, or business process and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.
4
How does threat modeling work?
Threat modeling works by identifying the various types of threats that can affect an application or system. Organizations analyze software architecture, business context, and other artifacts while performing threat modeling. In general, organizations perform threat modeling during the design stage of an application to help developers identify the security vulnerabilities in their design, code, or deployment.
5
Threat modeling methods
Various types of threat modeling methods are used to protect against cyber threats. They are as follows:
  • Attack tree: The attack tree is one of the oldest and most commonly used threat modeling methodologies, designed to develop a conceptual diagram illustrating how an asset or target is attacked, with the root node, leaves, and children nodes. This methodology is often combined with other threat modeling methods such as PASTA, STRIDE, etc.
  • Common Vulnerability Scoring System (CVSS): CVSS is a standard threat modeling method used to help security teams assess threats, identify the impact, and develop countermeasures. It helps organizations assess and prioritize vulnerability management processes.
6
  • DREAD: It was also developed by Microsoft, which dropped it in 2008 due to a lack of consistent ratings. Many other organizations use the DREAD method to rank and assess security threats.
      • Damage potential: Ranks the severity of the threat
      • Reproducibility: Ranks how easily the attack can be reproduced
      • Exploitability: Rates the effort required to initiate the attack
      • Affected users: Counts the number of users affected if an attack becomes widely available
      • Discoverability: Rates how easy it is to identify the threat
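
As an added illustration (not part of the original presentation), the sketch below ranks threats by DREAD score and shows how two reviewers rating the same threats can arrive at different priorities, which is the consistency problem noted above. The 1-10 scale, the averaging of the five ratings, the threat names and all rating values are assumptions constructed for this example.

```python
from statistics import mean

CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")

def dread_score(rating):
    """Mean of the five DREAD ratings (assumed scale: 1-10 each)."""
    missing = set(CATEGORIES) - set(rating)
    if missing:
        raise ValueError(f"missing categories: {sorted(missing)}")
    for cat in CATEGORIES:
        if not 1 <= rating[cat] <= 10:
            raise ValueError(f"{cat} must be between 1 and 10")
    return mean(rating[cat] for cat in CATEGORIES)

def rank(ratings):
    """Threat names ordered from highest to lowest DREAD score."""
    return sorted(ratings, key=lambda t: dread_score(ratings[t]), reverse=True)

def disagreement(rater_a, rater_b):
    """Score gap per threat between two raters, and whether the two
    raters end up with a different remediation order."""
    gaps = {t: round(abs(dread_score(rater_a[t]) - dread_score(rater_b[t])), 2)
            for t in rater_a}
    return gaps, rank(rater_a) != rank(rater_b)

def r(*values):
    """Build one rating from five numbers given in CATEGORIES order."""
    return dict(zip(CATEGORIES, values))

# Constructed sample: two reviewers rate the same three threats.
REVIEWER_A = {"sql_injection":    r(9, 8, 7, 9, 6),   # 7.8
              "session_fixation": r(6, 5, 5, 6, 4),   # 5.2
              "verbose_errors":   r(3, 9, 8, 4, 9)}   # 6.6
REVIEWER_B = {"sql_injection":    r(8, 6, 5, 8, 4),   # 6.2
              "session_fixation": r(7, 7, 6, 7, 6),   # 6.6
              "verbose_errors":   r(2, 8, 7, 3, 5)}   # 5.0

if __name__ == "__main__":
    gaps, order_differs = disagreement(REVIEWER_A, REVIEWER_B)
    print("A:", rank(REVIEWER_A))
    print("B:", rank(REVIEWER_B))
    print("gaps:", gaps, "order differs:", order_differs)
```

Recording each reviewer's ratings separately, as here, makes rating drift visible before the scores are used to set remediation order.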

7
  • OCTAVE: The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) threat modeling methodology is a risk-based strategic assessment and planning method. It aims at assessing organizational risks in three phases:
      • Creating asset-based threat profiles
      • Identifying vulnerabilities
      • Developing and planning a security strategy
  • PASTA: Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric methodology that provides threat identification, enumeration, and scoring. Because of its static framework, it is easy to implement and helps in understanding the risks of the application.
  • STRIDE: It is a well-known threat modeling methodology developed by Microsoft that provides a mnemonic approach for identifying security threats in six types:
      • Spoofing: An attacker pretending to be another user, component, or system feature to steal the data in the system.
      • Tampering: Replicating data in the system to achieve a malicious goal.
      • Repudiation: Due to the lack of evidence, the attacker can deny the malicious activities performed in the system.
      • Information disclosure: Making protected data accessible to unauthorized users.
      • Denial of Service: An attacker uses illegitimate methods to exhaust services required to serve users.
8
  • TRIKE: TRIKE is a unique and open source threat modeling method that approaches the security auditing process from a cyber risk management perspective. It offers a risk-based approach with an individual risk modeling process. The Data Flow Diagram (DFD) is generated with the requirements to understand how the system stores and manipulates data, implementing mitigation controls to prioritize the threats and then developing a risk model based on the actions, roles, assets, and threats.
  • VAST: Visual, Agile, Simple Threat Modeling (VAST) is an automated threat modeling method to differentiate the application and operational threat models. It is designed to integrate with workflows that involve stakeholders such as developers, application architects, cybersecurity professionals, etc.
9
Threat Hunting Professional training with InfosecTrain
InfosecTrain is one of the best security and technology training providers that offers a wide range of IT security training and Information Security (IS) consulting services. It conducts a Threat Hunting Professional online training course to provide participants with a complete understanding of the threat hunting methodologies and frameworks.
10
About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain

11
Our Endorsements
12
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
13
Our Trusted Clients
14
(No Transcript)
15
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com