Week 4 Threat Modeling & Mitigation Flashcards
1
Q
What is threat modelling?
A
Threat modeling is a structured process with these objectives: identify security requirements, pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize remediation methods.
2
Q
What are the benefits of threat modelling?
A
- Provide an enhanced view of systems. The steps involved in threat modeling–creating data flow diagrams (DFDs) and graphical representations of attack paths, as well as prioritizing assets and risks–help IT teams gain a deeper understanding of network security and architecture.
- Help enable better collaboration on security. Proper threat modeling requires input from many stakeholders. Participating in the process can help instill cybersecurity consciousness as a core competency for all participants.
- Facilitate risk prioritization. Businesses can use the threat data provided by modeling to make decisions about which security risks to prioritize–a helpful process for understanding where to allocate people and budget resources.
3
Q
What are the steps involved in threat modelling?
A
- Identify assets. An asset could be account data, intellectual property, or simply the reliable functioning of a system.
- Diagram the system. DFDs give a high-level, asset-centric view of the system and of how data moves through it, including where it crosses trust boundaries. An attack tree, a graphical representation of an attack path, illustrates the possible origins and paths of attacks.
- Analyze threats. Use threat modeling methods to further analyze specific threat types, identify potential threats, map dataflows, and quantify risk.
- Perform risk management and prioritization. Many threat modeling tools produce threat scores and data for calculating risk. Stakeholder input is essential to this step.
- Identify fixes. Once you identify the areas, assets, or threats that matter most to the organization, the next steps may be apparent. Changing firewall, encryption, or multi-factor authentication settings is an example of a step taken to address a threat.
4
Q
How do I measure the effectiveness of threat modeling?
A
- Common Vulnerability Scoring System (CVSS). CVSS produces a standardized 0.0 to 10.0 severity score for a vulnerability, whether it is in an application, an IT system or component, or an IoT device; the score can be calculated with FIRST's free online calculator. For additional perspective, a score can be compared with the scores already published for similar vulnerabilities in public databases such as the NVD.
- Penetration testing. Sometimes referred to as "ethical hacking," penetration testing is the process of staging simulated attacks on a system to measure its strengths and weaknesses. Pen tests may require a good deal of time-consuming data analysis, so organizations should be wary of running too many tests, or of testing assets that are not high-risk enough to justify the cost.
5
Q
What are the six stages of the threat modeling process?
A
- Assemble resources
- Decompose the system
- Identify threats
- Rank the threats
- Make a response plan
- Mitigate the threats
6
Q
What is threat mitigation?
A
Threat mitigation is the process of reducing or removing a threat from a system.
7
Q
What are the six fundamental ways of reducing or removing a threat?
A
- Prevention
- Preemption
- Deterrence
- Deflection
- Detection
- Countermeasures