Threat Model - Approaches To Threat Modeling

Approaches To Threat Modeling

There are at least three general approaches to threat modeling:

Attacker-centric
Attacker-centric threat modeling starts with an attacker, and evaluates their goals, and how they might achieve them. Attacker's motivations are often considered, for example, "The NSA wants to read this email," or "Jon wants to copy this DVD and share it with his friends." This approach usually starts from either entry points or assets.
Software-centric
Software-centric threat modeling (also called 'system-centric,' 'design-centric,' or 'architecture-centric') starts from the design of the system, and attempts to step through a model of the system, looking for types of attacks against each element of the model. This approach is used in threat modeling in Microsoft's Security Development Lifecycle.
Asset-centric
Asset-centric threat modeling involves starting from assets entrusted to a system, such as a collection of sensitive personal information.

Read more about this topic:  Threat Model

Famous quotes containing the words approaches to, approaches, threat and/or modeling:

    I should say that the most prominent scientific men of our country, and perhaps of this age, are either serving the arts and not pure science, or are performing faithful but quite subordinate labors in particular departments. They make no steady and systematic approaches to the central fact.... There is wanting constant and accurate observation with enough of theory to direct and discipline it. But, above all, there is wanting genius.
    Henry David Thoreau (1817–1862)

    If I commit suicide, it will not be to destroy myself but to put myself back together again. Suicide will be for me only one means of violently reconquering myself, of brutally invading my being, of anticipating the unpredictable approaches of God. By suicide, I reintroduce my design in nature, I shall for the first time give things the shape of my will.
    Antonin Artaud (1896–1948)

    The only thing that saves us from the bureaucracy is inefficiency. An efficient bureaucracy is the greatest threat to liberty.
    Eugene J. McCarthy (b. 1916)

    The computer takes up where psychoanalysis left off. It takes the ideas of a decentered self and makes it more concrete by modeling mind as a multiprocessing machine.
    Sherry Turkle (b. 1948)