Threat Modelling

Threat modelling, in a cybersecurity context, is a series of steps whose end goal is to improve the security of a system. It is about identifying risk and essentially boils down to:

  • Identify critical systems and applications, noting their roles and whether they hold sensitive information.
  • Assess vulnerabilities and potential exploits for these systems and applications.
  • Develop a plan to secure these systems and applications against identified vulnerabilities.
  • Implement policies to prevent future vulnerabilities, such as SDLC processes or employee training on phishing awareness.

Threat modelling is an important procedure for reducing the risk within a system or application, as it creates a high-level overview of an organisation’s IT assets (in IT, an asset is a piece of software or hardware) together with the procedures for resolving the vulnerabilities found in them.

Example frameworks: STRIDE, DREAD and CVSS.
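The four steps above can be carried out as data rather than as a document. The script below is an added example, not part of the original notes: it keeps an asset inventory (step 1), tags each identified threat with a STRIDE category and a DREAD score (step 2), ranks the threats and derives a mitigation plan (step 3), and flags sensitive assets that no threat has been recorded against, which is the gap a reviewer most often finds. The assets, threats and ratings are constructed sample data; DREAD is computed as the mean of its five 1-10 ratings (Damage, Reproducibility, Exploitability, Affected users, Discoverability), the usual scheme for that framework. Function names are this example's own.

```python
"""Worked threat-modelling pass: inventory -> threats -> scoring -> plan.

Added example; assets, threats and ratings below are constructed samples.
"""
from dataclasses import dataclass

# STRIDE categories: every threat is tagged with exactly one of these keys.
STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# The five DREAD ratings, each scored 1 (low) to 10 (high).
DREAD_KEYS = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")


@dataclass
class Asset:
    name: str
    role: str
    holds_sensitive_data: bool


@dataclass
class Threat:
    asset: Asset
    stride: str          # one-letter STRIDE key
    description: str
    dread: dict          # the five DREAD ratings
    mitigation: str

    def score(self) -> float:
        """DREAD score: mean of the five ratings, 1.0 (negligible) to 10.0 (critical)."""
        if self.stride not in STRIDE:
            raise ValueError(f"unknown STRIDE category {self.stride!r}")
        if set(self.dread) != set(DREAD_KEYS):
            raise ValueError(f"DREAD needs exactly these ratings: {DREAD_KEYS}")
        if any(not 1 <= v <= 10 for v in self.dread.values()):
            raise ValueError("each DREAD rating must be between 1 and 10")
        return round(sum(self.dread[k] for k in DREAD_KEYS) / len(DREAD_KEYS), 1)


# Step 1 (constructed inventory): what the system is, its role, sensitivity.
ASSETS = [
    Asset("customer-db", "stores customer records and payment tokens", True),
    Asset("public-web", "marketing site with no logins", False),
    Asset("sso-gateway", "authenticates staff to internal apps", True),
    Asset("hr-portal", "holds employee records", True),   # deliberately unmodelled
]

# Step 2 (constructed threats): one STRIDE tag and five DREAD ratings each.
THREATS = [
    Threat(ASSETS[0], "I", "database backups readable without authentication",
           dict(damage=9, reproducibility=8, exploitability=7,
                affected_users=9, discoverability=7),
           "restrict backup storage to the backup service identity; encrypt at rest"),
    Threat(ASSETS[2], "S", "password-only login allows credential reuse",
           dict(damage=8, reproducibility=7, exploitability=6,
                affected_users=8, discoverability=6),
           "enforce MFA and lock out repeated failures"),
    Threat(ASSETS[1], "D", "contact form has no rate limiting",
           dict(damage=3, reproducibility=6, exploitability=5,
                affected_users=4, discoverability=7),
           "add per-client rate limiting at the edge"),
    Threat(ASSETS[0], "R", "administrator queries are not audit-logged",
           dict(damage=5, reproducibility=8, exploitability=3,
                affected_users=4, discoverability=4),
           "enable query audit logging shipped to a write-once store"),
]


def prioritise(threats):
    """Rank threats by DREAD score, highest first: (score, asset, category, description)."""
    rows = [(t.score(), t.asset.name, STRIDE[t.stride], t.description) for t in threats]
    return sorted(rows, key=lambda r: r[0], reverse=True)


def plan(threats, threshold=6.0):
    """Step 3: the mitigations to schedule, for every threat at or above the threshold."""
    return [(t.asset.name, t.mitigation) for t in threats if t.score() >= threshold]


def uncovered_sensitive_assets(assets, threats):
    """Coverage check: sensitive assets with no recorded threat are gaps in the model."""
    modelled = {t.asset.name for t in threats}
    return [a.name for a in assets if a.holds_sensitive_data and a.name not in modelled]


if __name__ == "__main__":
    for row in prioritise(THREATS):
        print(f"{row[0]:>4}  {row[1]:<12} {row[2]:<24} {row[3]}")
    print("plan:", plan(THREATS))
    print("unmodelled sensitive assets:", uncovered_sensitive_assets(ASSETS, THREATS))
```

The threshold in plan() is an arbitrary cut-off for the example; in practice the score only orders the work, and the coverage check is the part that prevents a sensitive asset from being skipped simply because nobody wrote a threat down for it.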

Unified Kill Chain

The Unified Kill Chain (UKC) states that there are 18 phases to an attack: