Jump to navigation Jump to search
Threat modelling is a structured approach of identifying and prioritizing potential Threats to a system, and determining the value that potential mitigations would have in reducing or neutralizing those threats.
- Information security consideration should start early
- Identify potential security threats and Attack Vectors
- Architect to address security concerns
- Ensure backlogs reflect important security requirements
- Threat Modelling Process
- Design - What are we building?
- Break - What can go wrong?
- Fix - What can we do about it?
- Verify - Did you do a good job?
- Threat Modelling - Vulnerability -> Threat -> Impact -> Controls->Validate
- Threat Modelling: Identify Assets
- Non-Cyber Threats
- Attack Tree
- Threat Modelling Frameworks
- Threat Modelling Technology