Threat Modeling Concepts Lecture 3

Questions and Answers

Explain the difference between a 'threat' and an 'attack' in the context of cybersecurity.

A 'threat' is a potential event that could cause harm to an organization's assets, while an 'attack' is an actual event that does cause harm to an organization's assets.

What are the key elements that make up a risk in cybersecurity, and how do these elements interact?

The key elements of risk are a threat, a vulnerability, an asset, and the potential damage. A threat exploits a vulnerability in an asset, potentially causing damage.

Describe the difference between a proactive and a reactive approach to threat modeling, providing an example for each.

A proactive approach to threat modeling focuses on identifying and mitigating threats before a product is deployed, such as implementing security controls during the design phase. A reactive approach involves analyzing threats after a product is deployed, such as patching vulnerabilities found in the software after release.

Explain how identifying threats 'focused on assets' differs from identifying threats 'focused on attackers,' and provide an example for each approach.

'Focused on assets' identifies threats based on the value of an organization's assets, e.g., protecting a critical database from unauthorized access. 'Focused on attackers' identifies threats based on the motivations and capabilities of known attackers, e.g., understanding the tactics used by a specific hacking group to prevent their targeted attacks.

What is the purpose of implementing controls or countermeasures in a cybersecurity context, and how do they relate to vulnerabilities and threats?

Controls or countermeasures aim to prevent or minimize the impact of threats by addressing vulnerabilities. These measures can include technical solutions such as firewalls or encryption, as well as procedural measures like security policies and training.

What is the purpose of the STRIDE model in threat assessment?

The STRIDE model is used to classify and categorize potential threats to a system, facilitating better security assessment.

List the six categories of threats identified in the STRIDE model.

The six categories are Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Explain the threat of 'Denial of Service' as defined in the STRIDE model.

'Denial of Service' refers to an attack that prevents authorized users from accessing resources by overloading connections or flooding traffic.

Why is it important to identify all technologies involved in a system during threat assessment?

Identifying all technologies allows for comprehensive threat analysis, as each component may present unique vulnerabilities.

How does understanding 'spoofing' aid in securing software applications?

Understanding 'spoofing' helps implement measures to verify user identities, thereby preventing unauthorized access.

Flashcards

STRIDE Model

A threat categorization scheme developed by Microsoft to identify potential threats to software systems.

Spoofing

Gaining access using a falsified identity, posing as someone you are not.

Tampering

Unauthorized changes or manipulation of data in a system.

Denial of Service (DoS)

An attack that prevents authorized users from accessing a resource by overloading it.

Elevation of Privilege

A process where a limited user account gains increased access rights and powers.

Asset

Any element considered valuable for an organization that needs protection.

Threat

A potential event that could cause unwanted impacts on an organization.

Vulnerability

The absence of safeguards or weaknesses in a system that can be exploited.

Risk

The likelihood that a threat will exploit a vulnerability, leading to loss.

Threat Modeling

A process of identifying, categorizing, and analyzing potential threats.

Study Notes

Lecture 3: Understand and Apply Threat Modeling Concepts and Methodologies

  • This lecture covers how to understand and apply threat modeling concepts and methodologies.

Dictionary

  • Asset: Any element with value to an organization (resource, process, product, infrastructure).
  • Threat: Any potential event causing unwanted impact upon the organization.
  • Attack: Any actual event causing unwanted impact upon the organization.
  • Vulnerability: Absence of safeguards or a system weakness that a threat can exploit.
  • Threat Agent: The entity (person or process) that initiates a threat.
  • Exploit: When a vulnerability is found by a threat agent and the threat is initiated.
  • Control/Countermeasure/Safeguard: Any action to prevent a threat from exploiting a vulnerability or to minimize damage from an exploit.

Assets

  • Assets include: email spam, sabotage, cyber war, cyber hacking, theft, identity, cyber terrorism, cyber snooping, cyber subversion, cyber espionage, and data theft.
  • Also includes processes and people, along with tech issues.

Risk Elements

  • Risk: The possibility a threat will exploit a vulnerability.
  • Risk management: Attempts to reduce or eliminate vulnerabilities or reduce impact.
  • Risk elements include Threat, Vulnerability, Asset, and Damage.

Threat Modeling

  • Threat modeling is a security process of identifying, categorizing, and analyzing potential threats.
  • This can be proactive, during design and development, or reactive, after deployment.

Proactive Approach

  • A predictive approach to threat modeling and to designing specific defenses. It is done during coding and development, avoiding post-deployment updates.

Reactive Approach

  • Takes place after product creation and deployment. It's known as the adversarial approach.

Identifying Threats

  • Focusing on assets: Method using asset valuation results to identify threats.
  • Focusing on attackers: Identifies threats based on attackers' goals.
  • Focusing on software: Potential threats targeting the software.

Identifying Threats Steps

  • Identify all the involved technologies.
  • Identify attacks that could target each element (logical, technical, physical, and social).
  • Provide prevention measures.

STRIDE Threat Model

  • A threat categorization scheme designed by Microsoft.
  • Used to assess security and classify threats.
  • Categorizes threats (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

STRIDE Threat Model Categories

  1. Spoofing: Gaining access through falsified identity.
  2. Tampering: Unauthorized changes or manipulation of data.
  3. Repudiation: Ability to deny having performed an action/activity.
  4. Information Disclosure: Revelation or distribution of private information.
  5. Denial of Service (DoS): Prevent authorized use of a resource.
  6. Elevation of Privilege: Transforming a limited user account to one with greater privileges.

Supply Chain

  • A supply chain is a network between a company and its suppliers to produce and distribute a product to buyers.
  • It reflects the concept that most computers, devices, networks, and systems are not built by one entity.

Secure Supply Chain

  • A chain in which all vendors are trustworthy, reliable, disclose practices and security requirements, the finished product meets quality standards, and no elements were counterfeited or manipulated.

Apply CYS Concepts to Supply Chain

  • Importance of security assessments when working with external entities, such as visits, documentation, process reviews, policy reviews, and third-party audits.

Security Governance Principles

  • The collection of practices for supporting, defining, and directing security efforts.
  • Often intertwined with corporate and IT governance.
  • Concepts including credibility, transparency, accountability, and independence are important.

Evaluate and Apply Security Governance Principles

  • Organizations are adapting to a global market. Governance issues are more complex due to differing laws and conflicts.
  • Guidance and tools for oversight, management, threat addressing, and risk elimination are needed.

Security as Not Just an IT Issue

  • Security extends beyond IT staff duties. Businesses need security policies for management, operations, and development.

Alignment of Security Function

  • Security management planning ensures, implements, and enforces security policy.
  • The security function is aligned to the organization's strategy, goals, mission, and objectives, using a top-down approach for policies that provides direction for each level of the hierarchy.

Information Security Team

  • Autonomous teams responsible for security within an organization.
  • Led by a Chief Information Security Officer (CISO).
  • The plan includes defining security roles, management, responsibility, testing, policy development, performing risk analysis, and requiring education.

Developing and Implementing a Security Policy

  • A team should create strategic, tactical, and operational plans.
  • Planning levels include: strategic, tactical, and operational.
  • This involves Year 0, Year 1, and subsequent year plans for each.

Strategic Plan

  • Long-term, fairly stable plan describing the organization's security purpose, aligning it to its mission.
  • It's maintained and updated yearly, serving as the planning horizon. Includes risk assessment.

Tactical Plan

  • Midterm plans providing details on accomplishing strategic plan goals.
  • Helpful for about a year; outlines tasks for organizational goals, as well as project development.

Operational Plan

  • Short, highly detailed plan based on strategic and tactical plans.
  • Should be updated frequently to maintain compliance.
  • Includes resource allotments, budgetary requirements, scheduling, implementation procedures, and compliance with the policy.

Example

  • Specific examples of strategic, tactical, and operational plans for user training.

Description

This lecture focuses on understanding and applying key threat modeling concepts and methodologies. You will learn about critical terms such as assets, threats, vulnerabilities, and controls that are essential for effective cybersecurity. Prepare to explore the nuances of threat analysis and risk management in an organizational context.
