1 / 6

Threat Modelling Methodologies

An experienced threat response consultant would rely on STRIDE cyber threat modeling methodology from the get-go. This threat model is the brainchild of engineers at Microsoft. One of the compelling upsides of this threat model is its ability to evaluate individual systems.<br>Website: https://www.fncyber.com/threat-response-engineering

fncyber
Download Presentation

Threat Modelling Methodologies

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ThreatModelling Methodologies

  2. It allows CTOs to protect their enterprise in the digital realm. Essential resources are redirected so that cyber security experts can keep their enterprise protected. • Cyber threat mitigation plans are prepared on priority in a bid to ensure that cyber security solutions can be readily implemented. • It allows CTOs to ensure that defense mechanisms are periodically updated, in line with ever-evolving cyber threats. • Security vulnerabilities in proprietary software are patched on time before they can be exploited by cybercriminals. Benefits of Cyber Threat Modeling at a Glance

  3. An experienced threat response consultantwould rely on STRIDE cyber threat modeling methodology from the get-go. This threat model is the brainchild of engineers at Microsoft. One of the compelling upsides of this threat model is its ability to evaluate individual systems. STRIDE can be used to detect threats such as – • Spoofing — users or programs that pretend to be something or someone they are not. • Tampering — a modified section of source code in a website or app that can be used as a backdoor to gain illegal access. • Repudiation — instances when threat events go unnoticed. • Information disclosure — in the form of leaked or exposed business-critical data. • Denial of service (DoS) — where a website crashes and become unavailable for business use due to online traffic overload from spam sources. • Elevation of privilege — where cybercriminals give themselves admin-level clearance to a system of an enterprise and carry out a full-blown cyber attack. STRIDE -Threat Modeling

  4. As per the spokesperson of a revered provider of cyber security consulting services, PASTA is yet another revered cyber threat modeling methodology.PASTA is the abbreviation for Process for Attack Simulation and Threat Analysis.It is a cyber attacker-centric methodology that entails seven steps.The steps are as follows -The business objectives are first defined. • The next step is defining the technical scope of components and assets. • The next step is the decomposition of the affected application and identifying its set of controls that have been compromised. • The following step is the analysis of threat(s) which is based on threat intelligence. • After that, the affected software or sections in the affected IT infrastructure will be scanned for vulnerabilities. • Following that, detailed modeling of the attack will commence and then • A risk analysis will commence followed by the development of countermeasures. PASTA Cyber Threat Modeling Methodology

  5. CVSS stands for Common Vulnerability Scoring System. It is a standardized cyber threat scoring system. It allows a cyber security expert to assign scores to known cyber threats.This system entails a design that allows cyber security experts – • Run treat assessments • Apply and assess threat intelligence • Identify the impact of a cyber-attack and • Identify the countermeasures that are being used by an enterprise against incoming threats in real-time. Cyber resilience should be the norm in small, medium and large-scale enterprises. Cyber threat has exacted a heavy toll on the online community, posing constant fear of the breach of sensitive data. So threat modelling is taking a step back, assessing your organization’s digital and network assets, identifying weak spots, determining what threats exist, and developing plans to protect or recover. The best results can only be achieved by hiring a third party that excels in offering cybersecurity solutions. CVSS Threat Modeling Methodology

  6. THANKYOU

More Related