# Corporate Threat Modeling v2

Presentation by Charl van der Walt and Francesco Geremia at the ITWeb Security Summit in 2009.

This presentation covers the methodology behind version 2 of SensePost's threat modeling tool, the Corporate Threat Modeller.

Published in: Technology, Business

### Corporate Threat Modeling v2

8. Single loss expectancy (SLE) is the value you expect to lose each time a risk occurs. You calculate SLE by using the following formula: SLE = AV x EF
10. Annual loss expectancy (ALE) is the value you expect to lose to a given risk each year. You calculate ALE by using the following formula: ALE = SLE x ARO
19. Microsoft says threat modeling:
   - Provides a consistent methodology for objectively identifying and evaluating threats to applications.
   - Translates technical risk to business impact.
   - Empowers a business to manage risk.
   - Creates awareness among teams of security dependencies and assumptions.
21. The Microsoft process:
   - Step 1: Identify security objectives. Clear objectives help you to focus the threat modeling activity and determine how much effort to spend on subsequent steps.
   - Step 2: Create an application overview. Itemizing your application's important characteristics and actors helps you to identify relevant threats during step 4.
   - Step 3: Decompose your application. A detailed understanding of the mechanics of your application makes it easier for you to uncover more relevant and more detailed threats.
   - Step 4: Identify threats. Use details from steps 2 and 3 to identify threats relevant to your application scenario and context.
   - Step 5: Identify vulnerabilities. Review the layers of your application to identify weaknesses related to your threats. Use vulnerability categories to help you focus on those areas where mistakes are most often made.
27. Would prefer to use a diagram here
37. Define Locations, Interfaces and Users (Trust Levels), but not "assets", as organizations are too complex for that. Create a map showing how Locations, Users and Interfaces relate:
   - Users are restricted to Locations.
   - Interfaces are exposed to Locations.
38. Risks are gleaned from three sources: analyst experience, organizational history and group brainstorming. Each Risk has two key elements: Likelihood and Impact. Use an iterative process to describe the Risk, apply it to an Interface, then refine as required. A new Risk is added if:
   - Likelihood or Impact differs, or
   - the required defense is likely to differ.
39. This creates a Threat Vector:
   - Directly linked: which Interfaces could this Risk impact?
   - Indirectly linked: what Trust Level is required? At which Location would such Users be found?
40. The Threat Vector therefore becomes a 4-tuple: Risk, Interface, Location, User. A many-to-many relation means the number of Threat Vectors scales linearly.
41. Tests could be any of:
   - Focused technical tests, e.g. a penetration test.
   - Sample data drawn from existing monitoring systems, e.g. incident logs or previous assessments.
   - Interviews conducted with relevant individuals or teams.
   - Policy and procedure reviews.
   - Research drawing on external sources.
   The more tests are conducted, the more certainty we have. However, the most "efficient" tests are easily calculated by considering the Weights of all the Threat Vectors impacted.
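The derivation on slides 37 to 41 can be made concrete in code. The following is an added example, not code from the SensePost tool or the presenters: it models Users restricted to Locations, Interfaces exposed to Locations, and Risks with Likelihood, Impact, directly linked Interfaces and a required Trust Level; it expands each Risk into (Risk, Interface, Location, User) 4-tuples, and it ranks candidate tests by the summed weight of the Threat Vectors each one would exercise. The organisation, the 1-5 likelihood/impact scales, the 0-3 trust scale, and "weight = likelihood x impact" are all constructed assumptions for illustration; the slides do not define how Weight is computed.

```python
from dataclasses import dataclass

# Hypothetical scales: trust_level 0-3 (higher = more trusted),
# likelihood and impact 1-5. None of these come from the slides.

@dataclass(frozen=True)
class User:
    name: str
    trust_level: int
    locations: frozenset      # users are restricted to these locations

@dataclass(frozen=True)
class Interface:
    name: str
    exposed_to: frozenset     # locations the interface is exposed to

@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int
    impact: int
    interfaces: frozenset     # directly linked: interfaces this risk could impact
    required_trust: int       # indirectly linked: minimum trust level needed

    @property
    def weight(self) -> int:
        # Assumed weighting; the presentation only says Likelihood and Impact are the key elements.
        return self.likelihood * self.impact

@dataclass(frozen=True)
class Test:
    name: str
    interfaces: frozenset     # interfaces the test exercises
    locations: frozenset      # locations the test is performed from

def derive_threat_vectors(risks, interfaces, users):
    """Expand each Risk into (risk, interface, location, user) 4-tuples.

    A user contributes a vector only if their trust level meets the risk's
    requirement and they are allowed into a location the interface is exposed to.
    """
    by_name = {i.name: i for i in interfaces}
    vectors = []
    for risk in risks:
        for iface_name in sorted(risk.interfaces):
            iface = by_name[iface_name]
            for user in users:
                if user.trust_level < risk.required_trust:
                    continue
                for loc in sorted(iface.exposed_to & user.locations):
                    vectors.append((risk.name, iface.name, loc, user.name))
    return vectors

def rank_tests(tests, vectors, risks):
    """Score each test by the summed weight of the threat vectors it covers,
    highest first. A test covers a vector when it exercises that vector's
    interface from that vector's location."""
    weight_of = {r.name: r.weight for r in risks}
    scores = {}
    for t in tests:
        covered = [v for v in vectors if v[1] in t.interfaces and v[2] in t.locations]
        scores[t.name] = sum(weight_of[v[0]] for v in covered)
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))

# Constructed sample organisation (not drawn from the presentation).
USERS = [
    User("anonymous", 0, frozenset({"internet"})),
    User("employee", 1, frozenset({"office"})),
    User("admin", 3, frozenset({"office", "dc"})),
]
INTERFACES = [
    Interface("web_portal", frozenset({"internet", "office"})),
    Interface("hr_system", frozenset({"office"})),
    Interface("hypervisor_console", frozenset({"dc"})),
]
RISKS = [
    Risk("sqli_in_portal", 3, 4, frozenset({"web_portal"}), required_trust=0),
    Risk("payroll_fraud", 2, 5, frozenset({"hr_system"}), required_trust=1),
    Risk("vm_escape", 1, 5, frozenset({"hypervisor_console"}), required_trust=3),
]
TESTS = [
    Test("external_pentest", frozenset({"web_portal"}), frozenset({"internet"})),
    Test("internal_pentest", frozenset({"web_portal", "hr_system"}), frozenset({"office"})),
    Test("dc_console_review", frozenset({"hypervisor_console"}), frozenset({"dc"})),
]

def demo():
    vectors = derive_threat_vectors(RISKS, INTERFACES, USERS)
    return vectors, rank_tests(TESTS, vectors, RISKS)

if __name__ == "__main__":
    vectors, ranking = demo()
    for v in vectors:
        print("threat vector:", v)
    for name, score in ranking:
        print(f"{name}: covered weight {score}")
```

With this sample the three Risks expand to six Threat Vectors, and the internal test scores highest because it exercises the two office-facing interfaces for both the employee and the admin trust levels. Note that the expansion is a product over interfaces, users and locations, so in practice the vector count grows with the size of every dimension; this is what makes a weight-based choice of tests useful when the full set cannot be examined.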