Threat Modeling

Uploaded by

barondaychielou

Recap of Past Topics If Covered?

• What is Cyber Security
• Types of Cyber Security
• Importance of Cyber Security
• History of Cyber Security
• Types of Cyber Security Threats

Introduction to Threat Modeling
Understanding the Foundations of Information Assurance and Security

Definition

• Threat modeling is a structured approach used to identify, evaluate, and address potential security threats to systems, applications, and networks. The primary purpose of threat modeling is to anticipate how an adversary may exploit vulnerabilities and to design effective countermeasures to mitigate these risks. This proactive process involves understanding the assets that need protection, identifying potential threats, and assessing the impact and likelihood of these threats occurring.

Key components of threat modeling include:

Identifying Assets: Recognizing what is valuable and needs protection, such as sensitive data, intellectual property, and critical systems.

Understanding Threats: Identifying potential adversaries and their motivations, as well as the techniques they might use to exploit vulnerabilities.

Assessing Vulnerabilities: Evaluating weaknesses in systems, applications, and processes that could be exploited by threats.

Evaluating Risks: Determining the potential impact and likelihood of threats exploiting vulnerabilities, which helps prioritize security efforts.

Mitigation Strategies: Designing countermeasures to reduce the risk posed by identified threats.

Relevance of Threat Modeling in the Cybersecurity Landscape

• In today’s digital world, where organizations increasingly rely on technology, the threat landscape is continuously evolving. Cyberattacks are becoming more sophisticated and frequent, making it essential for organizations to adopt proactive security measures. Threat modeling plays a crucial role in this proactive approach for several reasons:
• Early Detection of Risks: By identifying threats early in the development lifecycle, organizations can design systems that are inherently more secure, reducing the likelihood of successful attacks.
• Resource Optimization: Understanding specific threats allows organizations to allocate resources effectively, focusing on the most critical risks rather than spreading efforts too thin across all potential threats.
• Regulatory Compliance: Many industries face strict regulatory requirements regarding data protection and cybersecurity. Threat modeling helps organizations demonstrate due diligence in managing security risks.
• Enhanced Incident Response: By understanding potential threats and vulnerabilities, organizations can develop more effective incident response plans, enabling them to respond swiftly and effectively to security incidents.
• Fostering a Security Culture: Integrating threat modeling into the development process encourages a culture of security awareness among all stakeholders, from developers to executives.

Challenges in Threat Modeling

• Difficulty in Identifying All Potential Threats
o Challenge: It’s nearly impossible to anticipate every possible threat due to the constantly evolving threat landscape.
o Impact: New threats and attack techniques continually emerge, requiring models to be revisited and updated frequently.
• Resource Constraints for Smaller Organizations
o Challenge: Smaller teams may lack dedicated security resources, making it hard to implement thorough threat modeling practices.
o Impact: Limited budgets and staffing mean that smaller organizations may have to prioritize only their highest-risk assets, leaving other vulnerabilities unaddressed.
• Balancing Security with User Experience and Development Speed
o Challenge: Implementing robust security measures can sometimes slow down development cycles or add complexity to user interactions.
o Impact: Teams often face pressure to release features quickly and maintain a smooth user experience, which can lead to trade-offs in security.
• Changing Technology and Business Requirements
o Challenge: Rapid changes in technologies, business priorities, and regulatory requirements mean that threat models can quickly become outdated.
o Impact: Teams need to frequently revisit and adjust their models to stay aligned with new requirements and emerging threats.
• Cross-Team Communication and Alignment
o Challenge: Threat modeling requires collaboration across multiple teams (security, development, and management), which can be challenging to coordinate.
o Impact: Miscommunication or lack of alignment can lead to overlooked threats, inconsistent priorities, and inefficiencies in applying countermeasures.

Real-World Examples of Threat Modeling Success

Microsoft and STRIDE: Improved Windows security by identifying threat categories, reducing post-release patches and increasing user trust.

Capital One and Cloud Security: Strengthened cloud-specific defenses post-breach, minimizing future data exposure risks.

Adobe and Product Development: Used STRIDE and Attack Trees in development, reducing vulnerability response times and enhancing stability.

Google and Attack Trees: Mapped potential attack paths in cloud services, strengthening layered defenses and improving security reputation.

Threat Modeling Frameworks and Methods

STRIDE: A widely used model for categorizing types of threats: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

DREAD: A model for evaluating threats based on Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability.

PASTA (Process for Attack Simulation and Threat Analysis): A risk-centric approach focusing on business impacts, with a seven-stage process to simulate and analyze threats.

OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation): Focuses on identifying critical assets and prioritizing security risks in a business context.

Attack Trees and Attack Path Analysis: Visual representations of attack paths to systematically identify vulnerabilities in a system’s design.

Recap of Key Points

What is Threat Modeling?
• Structured process to identify, evaluate, and mitigate security threats in systems.
Why It Matters
• Early risk detection, resource optimization, regulatory compliance, better incident response, and fostering a security culture.
Key Challenges
• Identifying all threats, limited resources, balancing speed with security, keeping models updated, and cross-team alignment.
Intro to Frameworks (for Next Session)
• STRIDE: Categorizes threats (Spoofing, Tampering, etc.).
• PASTA: Business-risk focus.
• OCTAVE: Prioritizes critical assets.
• Attack Trees: Maps possible attack paths.

Threat Modeling Frameworks

STRIDE Threat Modeling

• STRIDE is a threat modeling framework developed by Microsoft to help identify various types of security threats in systems. Each letter in "STRIDE" stands for a different type of threat.
• STRIDE aims to assist developers and security professionals in categorizing and understanding potential threats to better secure systems from the early stages of design.
• STRIDE is commonly applied in software development, particularly for systems that handle sensitive data or critical functions, and is widely used by organizations to systematically approach security.

The Components of STRIDE

Each letter in STRIDE represents a specific type of threat. Here’s a breakdown:

• S - Spoofing:
o Description: Pretending to be someone else to gain unauthorized access.
o Example: Logging into a system using stolen credentials.
o Mitigation: Use strong authentication mechanisms, such as multi-factor authentication (MFA).
• T - Tampering:
o Description: Modifying data or code, either in storage or in transit.
o Example: Changing the contents of a database without authorization.
o Mitigation: Employ data integrity checks, use encryption, and restrict access to sensitive data.
• R - Repudiation:
o Description: Denying an action after performing it, often to avoid blame or responsibility.
o Example: A user claims they never made a fraudulent transaction.
o Mitigation: Implement logging and auditing to provide proof of actions within the system.
• I - Information Disclosure:
o Description: Exposing sensitive information to unauthorized individuals.
o Example: A web application reveals private user data through a URL or unencrypted data in transit.
o Mitigation: Use encryption for data at rest and in transit, and enforce strict access controls.
• D - Denial of Service (DoS):
o Description: Disrupting the availability of a system, making it unusable for legitimate users.
o Example: Flooding a server with traffic to overwhelm and crash it.
o Mitigation: Implement rate limiting, load balancing, and redundant systems to maintain availability.
• E - Elevation of Privilege:
o Description: Gaining higher access rights or permissions than intended.
o Example: A user with guest access exploits a vulnerability to gain admin-level permissions.
o Mitigation: Apply the principle of least privilege, regularly update software, and conduct security testing.
Applying STRIDE in Threat Modeling

• Identify Assets and Entry Points: Begin by determining which assets are most valuable and
where attackers might interact with the system (entry points).
• Categorize Threats: For each entry point or asset, categorize potential threats using STRIDE.
This step involves analyzing how each STRIDE category could apply to each component of
the system.
• Prioritize Threats: Not all threats have the same level of risk. Assess the potential impact of
each identified threat and prioritize based on the likelihood and potential damage.
• Develop Mitigations: For each identified threat, determine appropriate countermeasures.
Focus on reducing the likelihood of the threat occurring or limiting its impact.
Benefits of STRIDE Threat Modeling

• Systematic Approach: STRIDE provides a structured way to think about threats, ensuring that a wide range of threat types is considered.
• Improved Security Posture: By addressing potential threats early in the design process, organizations can create systems that are less vulnerable to attacks.
• Clear Communication: STRIDE categories are easy to understand and explain, making it easier to communicate risks and mitigation strategies to stakeholders.
Example Exercise for Students

Scenario: Imagine you’re securing a basic e-commerce website. The system has user
login functionality, payment processing, and a product catalog.
• Task: Use the STRIDE framework to identify potential threats for each system
component.
• Follow-Up Discussion: After identifying threats, propose possible mitigation
strategies. For instance, discuss how adding encryption or access control might
reduce specific threats.
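
The four steps under "Applying STRIDE in Threat Modeling", carried out on the e-commerce scenario from the exercise, as an added example that is not part of the original slides. The element names, entry-point flags, 1-5 impact scores and the likelihood heuristic are constructed assumptions; the element-type table follows the common STRIDE-per-element convention.

```python
from dataclasses import dataclass, field

# STRIDE-per-element convention: categories that usually apply to each
# data-flow-diagram element type (R also applies to stores holding audit logs).
APPLICABLE = {"external": "SR", "process": "STRIDE",
              "datastore": "TID", "dataflow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information Disclosure", "D": "Denial of Service",
         "E": "Elevation of Privilege"}
# Mitigations as listed on the STRIDE component slides.
MITIGATION = {"S": "strong authentication (MFA)",
              "T": "integrity checks, encryption, restricted access",
              "R": "logging and auditing",
              "I": "encryption at rest and in transit, strict access control",
              "D": "rate limiting, load balancing, redundancy",
              "E": "least privilege, patching, security testing"}

@dataclass
class Element:
    name: str
    kind: str                 # key of APPLICABLE
    entry_point: bool         # directly reachable by an outside user?
    impact: dict = field(default_factory=dict)  # category -> damage 1..5

def enumerate_threats(model):
    """Categorise, score (likelihood x impact) and attach a mitigation."""
    rows = []
    for el in model:
        likelihood = 4 if el.entry_point else 2   # constructed heuristic
        for cat in APPLICABLE[el.kind]:
            score = likelihood * el.impact.get(cat, 2)  # default impact 2
            rows.append((score, el.name, NAMES[cat], MITIGATION[cat]))
    # Highest risk first; ties broken by element then threat name.
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))

# Constructed model of the exercise's e-commerce site (names and scores assumed).
MODEL = [
    Element("customer browser", "external", True, {"S": 4}),
    Element("login service", "process", True, {"S": 5, "E": 5, "D": 3}),
    Element("payment processing", "process", False, {"T": 5, "R": 4, "I": 5}),
    Element("product catalog DB", "datastore", False, {"T": 3, "D": 3}),
    Element("browser -> site traffic", "dataflow", True, {"T": 4, "I": 4}),
]

if __name__ == "__main__":
    for score, element, threat, fix in enumerate_threats(MODEL)[:8]:
        print(f"{score:>2}  {element:<24} {threat:<23} -> {fix}")
```

Changing an element's `entry_point` flag or impact scores reorders the list, which is the point of the prioritization step: the same categories apply, but the mitigation work is scheduled by risk.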
Key Takeaways

• STRIDE as a Framework: STRIDE helps structure the threat modeling process, making it easier to uncover and address a wide range of security threats.
• Understanding Threats: Recognizing specific types of threats allows for more targeted security measures, improving system resilience against attacks.
• Mitigating Risks Early: By considering STRIDE in the design and development stages, organizations can significantly reduce the cost and impact of potential security incidents later on.

Questions and Discussions

Assignment
On a ¼ sheet of paper, research one threat modeling framework and submit it next meeting. Also prepare for a class discussion or recitation about what we have discussed today.
