The issue of security of any system is in the first place in the modern world. Threat modeling plays an important role in this regard.
Without threat modelling, either an excessive protection system will be built, protecting, among other things, from threats that do not exist. Or an ineffective protection system that does not cover all current threats.
Main difficulties in threat modelling
The threat is relevant if damage can be caused from the implementation of the threat. There is an actual violator and a scenario for the implementation of the threat.
The data collected and systematized at the stages are used as initial:
- definitions of negative consequences;
- identification of possible objects of threat impact;
- assessment of the possibility of implementing threats.
The motivation of the violator is not explicitly considered, but it is clear that you will hardly consider an unmotivated violator to be relevant when modelling threats.
The most difficult thing when modelling threats is developing realistic scenarios. For example, if there are 10 current threats, and there are 10 different scenarios for each of them. The complexity of presenting these scenarios becomes extremely high.
Stride threat modelling contains a list of possible violators who can compromise/impose/spoil information in the system being developed; a list of threats according to the class of your system and a description of some of the consequences that may appear if the violator still steals your information.
Here are the highlights that the STRIDE threat model includes:
- description of the information system;
- structural and functional characteristics;
- description of security threats;
- intruder model;
- possible vulnerabilities;
- ways to implement threats;
- consequences of violating the security properties of information.
Remember, only experienced unique specialists can process restricted access information and provide both threat modelling services and a full range of information protection services.