Threat Model Flashcards
Get all-round knowledge of base-level threat models in order to advance to more sophisticated ones.
Threat Model
A description / design / model of what you're worried about.
A list of assumptions that can be checked or challenged (pushed to the point of eventual breakage) in the future as the threat landscape changes.
A list of potential threats to the system.
A way of validating the model and threats, and verification of actions taken.
Motto: Threat modeling: the sooner the better, but never too late.
Why make Threat Models?
To build a secure design
For efficient investment of resources; appropriately prioritize security, development, and other tasks
Why make Threat Models?
Bring Security and Development together to collaborate on a shared understanding, informing development of the system
Identify threats and compliance requirements, and evaluate their risk
Why make Threat Models?
Define and build required controls.
Balance risks, controls, and usability
Why make Threat Models?
Identify where building a control is unnecessary, based on acceptable risk.
To document threats and mitigation.
Why make Threat Models?
To ensure business requirements (or goals) are adequately protected in the face of a malicious actor, accidents, or other causes of impact.
Identification of security test cases / security test scenarios to test the security requirements