401 Reading 29 - marsecguy/reading-notes-cyberops GitHub Wiki
STRIDE Model
Explain threat modeling using real-world non-technical examples.
- Threat modeling can be viewed much like doing a security assessment of your home. When leaving your home for the day, you consider things like:
  - Are the windows all closed in case it rains?
  - Are the doors and windows locked to prevent someone from coming in?
  - Are the range and iron turned off to prevent fires?
  - Is my alarm system turned on?
- Threat modeling with computers and networks operates in much the same way. It gives you a structured method to consider what bad things could happen and whether you are prepared to deal with those threats if they arise.
What are the four questions that can help us organize threat modeling?
- What are we working on?
- What can go wrong?
- What are we going to do about it?
- Did we do a good job?
You are the project lead for a new application. How would you explain the benefits of Threat Modeling to the rest of the team?
- By using threat modeling as we develop the application, we can anticipate the security gaps and weaknesses that could unintentionally be built into the application and deal with them now. That would save the significant resources otherwise needed to deal with those problems after the app is released, and potentially save our reputation by heading off issues before they can happen.