![]() ![]() Threat Modeling helps turn paranoia into pragmatic action. MICROSOFT THREAT MODELING TOOL EXAMPLES HOW TOOnce you learn how to Threat Model, you will never look at situations the same way again. Threat Modeling Turns Paranoia Into Pragmatic Action To an attacker, an asset could be the ability to misuse your application for unauthorized access to data or privileged operations. It might be intangible, such as your company’s reputation. To your business, an asset might be the availability of information or the information itself, such as customer data. Countermeasures range from improving application design or improving code, to improving an operational practice. Instead, it addresses the factors that define the threat. A countermeasure does not directly address a threat. A countermeasure addresses a vulnerability to reduce the probability of attack or the impact of a threat. Vulnerabilities can exist at the network, host, or application level and include operational practices. A vulnerability is a weakness in some aspect or feature of a system that makes an attack possible. This could be someone following through on a threat or exploiting a vulnerability. An attack is an action taken that uses one or more vulnerabilities to realize a threat. ![]() It may or may not be malicious in nature. A threat is an undesired event or potential occurrence, often best described as an effect that could damage or compromise an asset or objective. ![]() It helps to know the following terms when you are working through Threat Modeling: Relevant vulnerabilities and countermeasures.The Threat Modeling activity helps you to recognize and identify the following: Threat modeling is an approach you can use to help you identify threats, attacks, vulnerabilities, and countermeasures that might be relevant to your application. In this article, I’m going to use the example of Threat Modeling an app to make it concrete, but the same basic approach and ideas apply to anything you want to Threat Model. Whether you are facing a pandemic, designing a product, managing a property, or whatever, you will find that Threat Modeling is a very helpful and methodical way to explore and identify potential risks. Map out the threats, attacks, vulnerabilities, and countermeasures. Simply remember the following mantra to whittle any situation down to size: You can learn the basics of Threat Modeling to help you evaluate threats for any situation. “Those that are the loudest in their threats are the weakest in their actions.” - Charles Caleb Colton ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |