登录查看更多内容

How do you model threats to a complex information system?

由人工智能和领英社区提供技术支持

Complex information systems are often exposed to various threats that can compromise their confidentiality, integrity, or availability. To protect these systems, you need to identify and analyze the potential sources, methods, and impacts of these threats. This is called threat modeling, and it is a crucial step in the risk assessment and management process. In this article, you will learn how to model threats to a complex information system using a systematic and structured approach.

此文章中的业界达人

由社区从 6 条内容中精选。了解更多

Matthew Coles
Ashwini Siddhi

OWASP Global Board of Director| Women in Cyber Security Advocate

1 What is threat modeling?

Threat modeling is the process of creating a representation of the system, its components, its interactions, and its environment, and then identifying and evaluating the threats that can affect it. Threat modeling helps you to understand the system's vulnerabilities, prioritize the risks, and design appropriate countermeasures. Threat modeling can be done at different stages of the system development life cycle, from the initial design to the maintenance and operation.

添加您的观点

Ashwini Siddhi

OWASP Global Board of Director| Women in Cyber Security Advocate
举报内容
Threat Modeling can be done at any stage of the system development but to maximize the benefits of the exercise it is best done at the design phase.

已翻译

赞

2 How to perform threat modeling?

Threat modeling involves different methods and frameworks, but generally follows a similar workflow. To begin, you need to define the scope and objectives of the exercise, such as the assets, boundaries, and assumptions of the system. Additionally, you should create a diagram or model of the system architecture and data flows. After that, identify the threat sources and scenarios, such as potential adversaries and their capabilities. Then, analyze the threat impacts and likelihoods to determine how severe and probable they are. Finally, prioritize and mitigate the threats by implementing best practices and controls. This will help you monitor and update the threat model as the system evolves.

添加您的观点

3 What are some tools and techniques for threat modeling?

Threat modeling can be done manually or with the help of tools and techniques to provide guidance and structure. Common tools include STRIDE, a mnemonic that stands for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege; DREAD, a mnemonic that stands for Damage, Reproducibility, Exploitability, Affected users, and Discoverability; Attack trees, a graphical representation of possible paths and conditions an attacker can follow; and Microsoft Threat Modeling Tool, a software application that helps to create data flow diagrams, apply the STRIDE method, generate threat reports, and validate the threat model.

添加您的观点

Ashwini Siddhi

OWASP Global Board of Director| Women in Cyber Security Advocate
举报内容
I share @Matt Coles' perspective on STRIDE as a methodology. I've observed that some people use STRIDE to refer to the Microsoft Threat Modeling Tool, which is based on the STRIDE approach itself. In my experience, developers sometimes struggle with the STRIDE terms. So, I opt for a simpler rule: assessing potential security, privacy, and safety issues in the design, while also considering the preservation of system and data confidentiality, integrity, and availability. In the past, DREAD was commonly used alongside STRIDE to determine the severity of identified threats - the reason it is thought of as a framework for TM. However, I've noticed a shift towards the adoption of CVSS calculator, leading to DREAD being gradually replaced.

已翻译

赞
Matthew Coles
举报内容
To clarify, STRIDE is one approach or methodology for performing threat modeling rather than being a tool itself; there are a number of tools that implement the STRIDE methodology for threat analysis. DREAD is a method for assessing the severity of threats identified by STRIDE, although it has been declared "dead" by some; OWASP Risk Rating Methodology, CVSS, and CWSS are other methods for severity determination of threats. In addition to tools like the Microsoft Threat Modeling Tool or OWASP Threat Dragon in which users can draw diagrams and identify threats, there exists a class of tools for creating models and performing analysis by writing code to describe a system; OWASP pytm is an example of this class of tool.

已翻译

赞

4 What are the benefits and challenges of threat modeling?

Threat modeling can provide several benefits for the security of complex information systems, such as improving security awareness and culture, enhancing security design and architecture, reducing costs and efforts of security testing, and supporting compliance and governance. However, it can also pose some challenges. It requires a significant amount of time, resources, and expertise to perform effectively and comprehensively. Additionally, its accuracy and completeness depend on the system information and assumptions used to create the threat model. Moreover, it needs to be updated and maintained regularly to reflect the changes of the system and the threat landscape.

添加您的观点

Ashwini Siddhi

OWASP Global Board of Director| Women in Cyber Security Advocate
举报内容
One of the major benefits of Threat Modeling is that when it is done right like in mature organizations, it can drive the entire Secure Development Lifecycle and not just be limited as a secure design verification activity.

已翻译

赞

5 How to learn more about threat modeling?

Threat modeling is a valuable skill for information security professionals and enthusiasts who want to protect complex information systems from cyberattacks. To learn more about threat modeling, you can explore the OWASP Threat Modeling Cheat Sheet – a concise and practical guide that covers the basics and best practices. There is also the Threat Modeling Manifesto – a collaborative document that defines the principles and values of threat modeling. Finally, there is the Threat Modeling Book – a comprehensive and in-depth book that teaches you how to apply threat modeling to different types of systems and scenarios.

添加您的观点

Matthew Coles
举报内容
There are at least 3 solid Threat Modeling reference books available to consider: "Threat Modeling: Designing for Security" being the gold standard, "Threat Modeling: A Practical Guide for Development Teams" which looks across the threat modeling landscape for developers to consider, and "Threat Modeling" (the original reference from Microsoft). Additionally there are great books on securing systems, applying secure design principles, and creating secure architectures that can help new or experienced security practitioners to learn critical security concepts or patterns that will help them be better at threat modeling. Lastly, threat modeling is not just for security; be sure to check out resources for Privacy-focused Threat Modeling.

已翻译

赞

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Ashwini Siddhi

OWASP Global Board of Director| Women in Cyber Security Advocate
举报内容
1. We need to talk about sequence diagrams for critical transactions. 2. FAQs like when is a Threat Model really complete etc. 3. Mention other frameworks like PASTA, LINDDUN etc. Doesn't hurt to mention commercial tools either :)

已翻译

赞

Information Security

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How do you model threats to a complex information system?

1

2

3

4

5

6

1 What is threat modeling?

2 How to perform threat modeling?

3 What are some tools and techniques for threat modeling?

4 What are the benefits and challenges of threat modeling?

5 How to learn more about threat modeling?

6 Here’s what else to consider

Information Security

给文章评分

感谢您的反馈

更多Information Security相关文章

更多相关阅读内容

How do you model threats to a complex information system?

1

2

3

4

5

6

1 What is threat modeling?

2 How to perform threat modeling?

3 What are some tools and techniques for threat modeling?

4 What are the benefits and challenges of threat modeling?

5 How to learn more about threat modeling?

6 Here’s what else to consider

Information Security

给文章评分

感谢您的反馈

查看其他技能