A Primer on Common Cybersecurity Terms & Acronyms, Part 2
Cybersecurity, like any field, is rife with its own terminology, abbreviations, and unique definitions. This series is an attempt to help non-IT professionals learn and understand this language.
See Part 1, here.
Part 2 - Threat Modeling
Threat modeling is a process used in security engineering to identify, assess, and prioritize potential threats to a system. It involves systematically examining the potential attackers, their goals, and the ways they might exploit vulnerabilities to achieve those goals. The main objective of threat modeling is to enhance the security of a system by identifying threats and vulnerabilities early in the design phase, allowing for the implementation of appropriate countermeasures before the system is deployed. The process can be applied to a wide range of systems, including software applications, networks, and organizational procedures.
There are numerous approaches to threat modeling that can be selected, individually or in ensemble, depending on use case, product complexity, system risk, time, and resources. The most popular methods are outlined below, but this list is not exhaustive.
The OG of threat modeling methods, Attack Trees map branching paths through the data flows of a system. Each path represents a threat actor objective, running from a potential entry point to one of a subset of possible endpoints. Each node in a given branch represents a potential tactic, technique, or procedure (TTP) an attacker can exploit, allowing security teams to build appropriate controls into the system's design.
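As an added illustration (not part of the original article), the Python sketch below builds a small attack tree for a hypothetical customer database, lists every path to the attacker's goal, and finds the fewest steps that controls must block to close them all. The AND/OR node types, the tree contents, and all names are assumptions made for this example.

```python
from dataclasses import dataclass, field
from itertools import combinations

@dataclass
class Node:
    name: str
    kind: str = "LEAF"   # "LEAF" = one attacker step, "OR" = any child works, "AND" = all children needed
    children: list = field(default_factory=list)

def attack_paths(node):
    """Return every set of leaf steps that achieves this node's goal."""
    if node.kind == "LEAF":
        return [frozenset([node.name])]
    per_child = [attack_paths(child) for child in node.children]
    if node.kind == "OR":
        return [path for paths in per_child for path in paths]
    combined = [frozenset()]              # AND: take one path from every child
    for paths in per_child:
        combined = [a | b for a in combined for b in paths]
    return combined

def open_paths(root, blocked):
    """Paths still usable once controls block the given leaf steps."""
    return [p for p in attack_paths(root) if not p & set(blocked)]

def smallest_control_set(root):
    """Fewest leaf steps to block so that no path reaches the root goal."""
    paths = attack_paths(root)
    leaves = sorted(set().union(*paths))
    for size in range(1, len(leaves) + 1):
        for combo in combinations(leaves, size):
            if all(p & set(combo) for p in paths):
                return set(combo)
    return set()

# Constructed sample tree for a hypothetical customer database.
TREE = Node("Read customer records", "OR", [
    Node("Log in as staff", "AND", [
        Node("Obtain staff password", "OR", [
            Node("Phishing email"), Node("Reused breached password")]),
        Node("Bypass second login factor")]),
    Node("Exploit unpatched web server"),
    Node("Use stolen backup", "AND", [
        Node("Access backup storage"), Node("Read unencrypted backup")]),
])

if __name__ == "__main__":
    for path in attack_paths(TREE):
        print(sorted(path))
    print("Block these:", sorted(smallest_control_set(TREE)))
```

Blocking only the second login factor still leaves two open paths (the web server and the backup), which is the kind of gap the tree makes visible.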
STRIDE is a threat model useful for analyzing individual systems on a network or components within a larger supersystem. Given an architectural description of such a system, a security analyst considers the potential impact of each attack category represented in the STRIDE acronym if perpetrated on an identified system weakness or vulnerability.
FMEA, or Failure Modes and Effects Analysis, is a reliability engineering method developed by the US military after World War II to systematically and comprehensively analyze the impact of component-level failures in complex systems, such as ICBM launch control systems. It is adaptable to the security domain to evaluate failures in connected components, information networks, interfaces, automated and manual processes, and software applications that could lead to breaches, downtime, or compromise.
PASTA is a seven-step method that integrates security objectives with business and technical considerations, helping organizations to effectively allocate resources to mitigate threats prioritized by potential impact. The seven steps of the process include: definition of business objectives and identification of critical assets; definition of technical scope, including system boundaries and data flows; application decomposition; threat analysis; vulnerability and weakness identification; attack modeling; and risk and impact analysis.
Trike is an open-source, risk-based threat modeling methodology that takes an auditing approach to system security, emphasizing proactive defensive design and a situationally-aware security posture. It encourages a collaborative, consensus-based workflow for assigning risk to vulnerable assets, which are represented in a data flow diagram. This visual approach facilitates the rapid development, communication, and application of appropriate security controls, but may become cumbersome for large or overly complex systems.
The Security Cards method consists of a deck of 42 cards organized into 4 dimensions: Human Impact, Adversary's Motivations, Adversary's Resources, and Adversary's Methods. Each card introduces a concept and asks a series of questions intended to help security teams brainstorm and discuss how different threats impinge on the system being analyzed. This method can be used as a standalone method for threat modeling for relatively simple systems, or as an adjunct to other methodologies to stimulate lateral thinking about weaknesses and attack patterns.
The threat modeling methods described above are a diverse collection of tools with different histories, approaches, and pedigrees. One's choice of tool depends on many factors, including familiarity, ease of adoption, complexity of the product being analyzed, design life cycle stage, resource and time availability, security and business objectives, and many others. There is no one-size-fits-all best threat model, and sometimes something as simple as a brainstormed list of potential weaknesses and proposed mitigations based on an architectural analysis can be an effective first step in secure design.
With a threat model in hand, identification of extant weaknesses, vulnerabilities, and susceptibility to attack patterns becomes easier, assuming you already know the components in your system and how information flows between them. But what if you don't?
Part 3 of this series will address terms related to asset and component identification and management.
#Cybersecurity #ThreatModeling #SPDF #PASTA #STRIDE #Trike #AttackTrees #SecurityCards #SecurityEngineering #CybersecurityFMEA #CybersecurityLiteracy #CybersecurityForEveryone