Threat Model

Threat Model

Threat modeling has two distinct, but related, meanings in computer security. The first is a description of the security issues the designer cares about. This is the sense of the question, "What is the threat model for DNSSec?" In the second sense, a threat model is a description of a set of security aspects; that is, when looking at a piece of software (or any computer system), one can define a threat model by defining a set of possible attacks to consider. It is often useful to define many separate threat models for one computer system. Each model defines a narrow set of possible attacks to focus on. A threat model can help to assess the probability, the potential harm, the priority etc., of attacks, and thus help to minimize or eradicate the threats. More recently, threat modeling has become an integral part of Microsoft's SDL (Security Development Lifecycle) process. The two senses derive from common military uses in the United States and the United Kingdom.

Threat modeling is based on the notion that any system or organization has assets of value worth protecting, these assets have certain vulnerabilities, internal or external threats exploit these vulnerabilities in order to cause damage to the assets, and appropriate security countermeasures exist that mitigate the threats.

Read more about Threat Model:  Approaches To Threat Modeling, Example Threat Modeling Approach, See Also, References

Famous quotes containing the words threat and/or model:

    Where do whites fit in the New Africa? Nowhere, I’m inclined to say ... and I do believe that it is true that even the gentlest and most westernised Africans would like the emotional idea of the continent entirely without the complication of the presence of the white man for a generation or two. But nowhere, as an answer for us whites, is in the same category as remarks like What’s the use of living? in the face of the threat of atomic radiation. We are living; we are in Africa.
    Nadine Gordimer (b. 1923)

    The playing adult steps sideward into another reality; the playing child advances forward to new stages of mastery....Child’s play is the infantile form of the human ability to deal with experience by creating model situations and to master reality by experiment and planning.
    Erik H. Erikson (20th century)