Threat Model - Approaches To Threat Modeling

Approaches To Threat Modeling

There are at least three general approaches to threat modeling:

Attacker-centric
Attacker-centric threat modeling starts with an attacker, and evaluates their goals, and how they might achieve them. Attacker's motivations are often considered, for example, "The NSA wants to read this email," or "Jon wants to copy this DVD and share it with his friends." This approach usually starts from either entry points or assets.
Software-centric
Software-centric threat modeling (also called 'system-centric,' 'design-centric,' or 'architecture-centric') starts from the design of the system, and attempts to step through a model of the system, looking for types of attacks against each element of the model. This approach is used in threat modeling in Microsoft's Security Development Lifecycle.
Asset-centric
Asset-centric threat modeling involves starting from assets entrusted to a system, such as a collection of sensitive personal information.

Read more about this topic:  Threat Model

Famous quotes containing the words approaches to, approaches, threat and/or modeling:

    Someone approaches to say his life is ruined
    and to fall down at your feet
    and pound his head upon the sidewalk.
    David Ignatow (b. 1914)

    As the truest society approaches always nearer to solitude, so the most excellent speech finally falls into Silence. Silence is audible to all men, at all times, and in all places. She is when we hear inwardly, sound when we hear outwardly. Creation has not displaced her, but is her visible framework and foil. All sounds are her servants, and purveyors, proclaiming not only that their mistress is, but is a rare mistress, and earnestly to be sought after.
    Henry David Thoreau (1817–1862)

    Where do whites fit in the New Africa? Nowhere, I’m inclined to say ... and I do believe that it is true that even the gentlest and most westernised Africans would like the emotional idea of the continent entirely without the complication of the presence of the white man for a generation or two. But nowhere, as an answer for us whites, is in the same category as remarks like What’s the use of living? in the face of the threat of atomic radiation. We are living; we are in Africa.
    Nadine Gordimer (b. 1923)

    The computer takes up where psychoanalysis left off. It takes the ideas of a decentered self and makes it more concrete by modeling mind as a multiprocessing machine.
    Sherry Turkle (b. 1948)