Threat Model Flashcards

Get all-round knowledge on base level Threat Models in order to advance to more sophisticated ones.

1
Q

Threat Model

A

A description / design / model of what you’ur worried about.

A list of assumptions that can be checked or challenged (pushed till the extent of eventual breakage) in the future as the threat landscape changes.

A list of potential threats to the system.

A way of validating the model and threats, and verification of actions taken.

Motto : Threat Modeling ; the sooner the better, but never too late.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Why make Threat Models?

A

To Build a secure design

For Efficient investment of resources; appropriately prioritize security, development, and other tasks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Why make Threat Models?

A

Bring Security and Development together to collaborate on a shared understanding, informing development of the system

Identify threats and compliance requirements, and evaluate their risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Why make Threat Models?

A

Define and build required controls.

Balance risks, controls, and usability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Why make Threat Models?

A

Identify where building a control is unnecessary, based on acceptable risk.

To Document threats and mitigation.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Why make Threat Models?

A

To Ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.

Identification of security test cases / security test scenarios to test the security requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly