What are the key risks and threats that your business might be exposed to?


Threat modelling is designed to highlight potential systemic threats and vulnerabilities by reviewing your system architecture to understand the likely attack vectors. It works to identify, understand and communicate threats (and associated mitigations), and can apply not just to software, but to applications, systems, networks and business processes too.

Threat modelling can – and ideally should – be undertaken at both the macro and the micro level. Macro modelling encompasses multiple systems and processes in analysing potential threats, while micro modelling focuses on a single system or process.

Application Threat Modelling

The process

No matter the level on which we model threats, or the software or process to which it is applied, our threat modelling process remains the same.

Step 1: Architectural diagrams

We will first produce architectural diagrams of the system or systems being modelled. These diagrams give us a complete view of the system/s, identifying information flows, integration points, information stores, process boundaries and access points.

Step 2: STRIDE checklist

Once we have our bird’s eye view, we apply the STRIDE framework to reveal all possible threats and vulnerabilities. This framework checks for:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege

Step 3: Risk management plan

The STRIDE framework will reveal a set of risks that we compile in an easy-to-follow risk management plan for you. For each risk we outline controls that will both reduce the likelihood of the risk occurring, and minimise the impact in the unlikely event that an attacker penetrates security controls and looks to exploit the vulnerability. We also help to maintain a record of the system/s' known vulnerabilities, and how they’re being managed.
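The three steps above can be sketched in code. This is an added example, not Stratigence's own tooling: it models a small constructed diagram, applies the widely used STRIDE-per-element convention (an assumption, since the page does not say which categories are checked against which element), and emits open risk-register rows with boundary-crossing flows listed first. All element names, zones and field names are hypothetical.

```python
from dataclasses import dataclass

# STRIDE-per-element convention (assumed; the page does not specify one).
STRIDE_BY_KIND = {"external_entity": "SR", "process": "STRIDE",
                  "data_store": "TID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    zone: str = ""   # trust zone of an entity, process or store
    src: str = ""    # data flows only: sending element
    dst: str = ""    # data flows only: receiving element

def enumerate_threats(elements):
    """Step 2 -> step 3: one open risk-register row per applicable threat."""
    zones = {e.name: e.zone for e in elements if e.kind != "data_flow"}
    rows = []
    for e in elements:
        if e.kind not in STRIDE_BY_KIND:
            raise ValueError(f"unknown element kind: {e.kind!r}")
        crosses = False
        if e.kind == "data_flow":
            if e.src not in zones or e.dst not in zones:
                raise ValueError(f"flow {e.name!r} uses an undeclared element")
            crosses = zones[e.src] != zones[e.dst]
        for letter in STRIDE_BY_KIND[e.kind]:
            rows.append({"element": e.name, "threat": NAMES[letter],
                         "crosses_boundary": crosses,
                         "control": "TBD", "status": "open"})
    # Stable sort: flows crossing a trust boundary are reviewed first.
    rows.sort(key=lambda r: not r["crosses_boundary"])
    return rows

# Constructed sample diagram (step 1); all names are hypothetical.
SAMPLE = [
    Element("customer", "external_entity", zone="internet"),
    Element("web_app", "process", zone="dmz"),
    Element("orders_db", "data_store", zone="internal"),
    Element("login_request", "data_flow", src="customer", dst="web_app"),
    Element("order_query", "data_flow", src="web_app", dst="orders_db"),
]

if __name__ == "__main__":
    for row in enumerate_threats(SAMPLE):
        print(row)
```

Each row starts with control "TBD" and status "open", which is where the risk management plan records the chosen mitigation and how the risk is being managed.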

As an organisation’s reliance on its technology systems increases, the importance of understanding potential threats and how to minimise them becomes ever greater. Contact Stratigence today to get on the front foot through threat modelling.

Our cyber security offerings

Application Penetration Testing


Information Security Compliance

Technology Roadmapping