SlideShare a Scribd company logo

What is Threat Modeling .pptx

Download as PPTX, PDF
I
Infosectrain3

Threat modeling is a process used by cybersecurity professionals to identify the application, system, network, or business process security vulnerabilities and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.

Education
1 of 15
What is Threat Modeling? www.infosectrain.com | sales@infosectrain.com
www.infosectrain.com | sales@infosectrain.com With the enhancement of technology, cyber attackers use the latest tricks and techniques to access unauthorized data and perform malicious activities in the organization’s system or network. Unfortunately, this is due to many security vulnerabilities that go undetected, forming the attack surface.
www.infosectrain.com | sales@infosectrain.com Table of Contents What is threat modeling? How does threat modeling work? Threat modeling methods Advantages of threat modeling Due to the impact of security vulnerabilities, cybersecurity professionals are deploying countermeasures to safeguard the systems, networks, or data. For such instances, threat modeling emerged to identify the vulnerabilities left undetected even after performing traditional security testing methods. What is threat modeling? Threat modeling is a process used by cybersecurity professionals to identify the application, system, network, or business process security vulnerabilities and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.
www.infosectrain.com | sales@infosectrain.com How does threat modeling work? Threat modeling works by identifying the various types of threats that can affect an application or system. Organizations analyze software architecture, business context, and other artifacts while accomplishing threat modeling. In general, organizations perform threat modeling in the designing stage of an application to help developers identify the security vulnerabilities in their design, code, or deployment.
www.infosectrain.com | sales@infosectrain.com Threat modeling methods Various types of threat modeling methods are used to protect from cyber threats. They are as follows: Attack tree: The attack tree is one of the oldest and most commonly used threat modeling methodologies, designed to develop a conceptual diagram illustrating how an asset or target is attacked, with the root node, leaves, and children nodes. This methodology is often combined with other threat modeling methods such as PASTA, STRIDE, etc. Common Vulnerability Scoring System (CVSS): CVSS is a standard threat modeling method used to help security teams access threats, identify the impact, and develop countermeasures. It helps organizations assess and prioritize vulnerability management processes.
www.infosectrain.com | sales@infosectrain.com DREAD: It was also developed by Microsoft, which dropped in 2008 due to a lack of consistent ratings. Many other organizations use the DREAD methods to rank and assess security threats. •Damage potential: Ranks the severity of the threat •Reproducibility: Ranks how the attack is reproducing easily •Exploitability: Rating the effort required to initiate the attack •Affected users: Collecting the number of users affected if an attack becomes widely available •Discoverability: Rate how easy to identify the threat
www.infosectrain.com | sales@infosectrain.com OCTAVE: The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) threat modeling methodology is a risk-based strategic assessment and planning method. It aims at assessing organizational risks in three phases: •Creating asset-based threat profiles •Identifying vulnerabilities •Developing and planning a security strategy PASTA: Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric methodology that provides threat identification, enumeration, and scoring. Because of its static framework, it is easy to implement and understands the risks of the application. STRIDE: It is a well-known threat modeling methodology developed by Microsoft that provides a mnemonic approach for identifying security threats in six types: •Spoofing: An attacker pretending as another user, component, or system feature to steal the data in the system. •Tampering: Replicating data in the system to achieve a malicious goal. •Repudiation: Due to the lack of evidence, the attacker can deny the malicious activities performed in the system. •Information disclosure: Making protected data accessible to unauthorized users. •Denial of Service: An attacker uses illegitimate methods to exhaust services required to serve users.
www.infosectrain.com | sales@infosectrain.com TRIKE: TRIKE is a unique and open source threat modeling method that aims at security auditing processes from cyber risk management. It offers a risk-based approach with an individual risk modelling process. The Data Flow Diagram (DFD) is generated with the requirements to understand how the system stores and manipulates data—implementing mitigation controls to prioritize the threats and then developing a risk model based on the actions, roles, assets, and threats. VAST: Visual, Agile, Simple Threat Modeling (VAST) is an automated threat modeling method to differentiate the application and operational threat models. It is designed to integrate the workflows that require stakeholders such as developers, application architects, cybersecurity professionals, etc.
www.infosectrain.com | sales@infosectrain.com Threat Hunting Professional training with InfosecTrain InfosecTrain is one of the best security and technology training providers that offer a wide range of IT security training and Information Security (IS) consulting services. It conducts a Threat Hunting Professional online training course to provide participants with a complete understanding of the threat hunting methodologies and frameworks.
About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
Our Endorsements www.infosectrain.com | sales@infosectrain.com
Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com

Recommended

6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies 6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies
EC-Council
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
abhimanyubhogwan
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modeling
zakieh alizadeh
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docx
healdkathaleen
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
Infosectrain3
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
Bryan Fendley
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
yoroflowproduct
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 

Recommended

6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies 6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies
EC-Council
 
Threat modelling(system + enterprise)
Threat modelling(system + enterprise)Threat modelling(system + enterprise)
Threat modelling(system + enterprise)
abhimanyubhogwan
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modeling
zakieh alizadeh
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docx
healdkathaleen
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
Infosectrain3
 
Fendley how secure is your e learning
Fendley how secure is your e learningFendley how secure is your e learning
Fendley how secure is your e learning
Bryan Fendley
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
yoroflowproduct
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Marco Morana
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Rochester Security Summit
 
Threat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devicesThreat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devices
Frédéric Sagez
 
Security_by_Design.pptx
Security_by_Design.pptxSecurity_by_Design.pptx
Security_by_Design.pptx
AshuPatel64
 
Security_by_Design.pdf
Security_by_Design.pdfSecurity_by_Design.pdf
Security_by_Design.pdf
AshuPatel64
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
Sprintzeal
 
Technology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryTechnology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk Advisory
CR Group
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
99X Technology
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
Nirosh Jayaratnam
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
Afour tech
 
What Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdfWhat Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdf
Bytecode Security
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
Alan Holyoke
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
Mel Drews
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 
Assessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP ApplicationsAssessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP Applications
sebastianschinzel
 
Cybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic InfotechCybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic Infotech
panaromicinoftechs
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Aujas
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web Applications
Nadia BENCHIKHA
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
Rajeev Venkata
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
AHM Pervej Kabir
 
Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdf
Infosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdf
Infosectrain3
 

More Related Content

Similar to What is Threat Modeling .pptx

Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Marco Morana
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
Rochester Security Summit
 
Threat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devicesThreat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devices
Frédéric Sagez
 
Security_by_Design.pptx
Security_by_Design.pptxSecurity_by_Design.pptx
Security_by_Design.pptx
AshuPatel64
 
Security_by_Design.pdf
Security_by_Design.pdfSecurity_by_Design.pdf
Security_by_Design.pdf
AshuPatel64
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
Sprintzeal
 
Technology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryTechnology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk Advisory
CR Group
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
99X Technology
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
Nirosh Jayaratnam
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
Afour tech
 
What Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdfWhat Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdf
Bytecode Security
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
Alan Holyoke
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
Mel Drews
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
Marco Morana
 
Assessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP ApplicationsAssessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP Applications
sebastianschinzel
 
Cybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic InfotechCybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic Infotech
panaromicinoftechs
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Aujas
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web Applications
Nadia BENCHIKHA
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
Rajeev Venkata
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
AHM Pervej Kabir
 

Similar to What is Threat Modeling .pptx (20)

Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Threat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devicesThreat Modelling and managed risks for medical devices
Threat Modelling and managed risks for medical devices
 
Security_by_Design.pptx
Security_by_Design.pptxSecurity_by_Design.pptx
Security_by_Design.pptx
 
Security_by_Design.pdf
Security_by_Design.pdfSecurity_by_Design.pdf
Security_by_Design.pdf
 
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONSCYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
CYBER SECURITY ANALYST - HOW TO BECOME, JOB DEMAND AND TOP CERTIFICATIONS
 
Technology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk AdvisoryTechnology for Cyber Security - Cyberroot Risk Advisory
Technology for Cyber Security - Cyberroot Risk Advisory
 
How to develop an AppSec culture in your project
How to develop an AppSec culture in your project How to develop an AppSec culture in your project
How to develop an AppSec culture in your project
 
Building an AppSec Culture
Building an AppSec Culture Building an AppSec Culture
Building an AppSec Culture
 
Best Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docxBest Practices, Types, and Tools for Security Testing in 2023.docx
Best Practices, Types, and Tools for Security Testing in 2023.docx
 
What Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdfWhat Are The Job Roles In Cyber Security.pdf
What Are The Job Roles In Cyber Security.pdf
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 
Application Threat Modeling In Risk Management
Application Threat Modeling In Risk ManagementApplication Threat Modeling In Risk Management
Application Threat Modeling In Risk Management
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security Testing
 
Assessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP ApplicationsAssessing and Measuring Security in Custom SAP Applications
Assessing and Measuring Security in Custom SAP Applications
 
Cybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic InfotechCybersecurity in Software Development | Panoramic Infotech
Cybersecurity in Software Development | Panoramic Infotech
 
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber AttackWebinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
Webinar: Get Ready to Detect, Respond & Recover from a Cyber Attack
 
Threat Modeling Web Applications
Threat Modeling Web ApplicationsThreat Modeling Web Applications
Threat Modeling Web Applications
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 

More from Infosectrain3

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdf
Infosectrain3
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdf
Infosectrain3
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Infosectrain3
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdf
Infosectrain3
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdf
Infosectrain3
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Infosectrain3
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
Infosectrain3
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdf
Infosectrain3
 
Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdf
Infosectrain3
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdf
Infosectrain3
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdf
Infosectrain3
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdf
Infosectrain3
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
Infosectrain3
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Infosectrain3
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Infosectrain3
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptx
Infosectrain3
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptx
Infosectrain3
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptx
Infosectrain3
 
How DNS Works.pptx
How DNS Works.pptxHow DNS Works.pptx
How DNS Works.pptx
Infosectrain3
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptx
Infosectrain3
 

More from Infosectrain3 (20)

Turning off Autofill.pdf
Turning off Autofill.pdfTurning off Autofill.pdf
Turning off Autofill.pdf
 
Targeted Ransomware.pdf
Targeted Ransomware.pdfTargeted Ransomware.pdf
Targeted Ransomware.pdf
 
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdfExploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
Exploring-Biometrics-Security-&-Privacy-Concerns (1).pdf
 
LoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdfLoT & 5G Threats Unveiled1.pdf
LoT & 5G Threats Unveiled1.pdf
 
Security tips for Travelers.pdf
Security tips for Travelers.pdfSecurity tips for Travelers.pdf
Security tips for Travelers.pdf
 
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdfThreat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
Threat Intelligence vs. Threat Assessment vs. Threat Modeling (1).pdf
 
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdfSOC 2 Type 2 Checklist - Part 1 - V2.pdf
SOC 2 Type 2 Checklist - Part 1 - V2.pdf
 
The Cyber Villains.pdf
The Cyber Villains.pdfThe Cyber Villains.pdf
The Cyber Villains.pdf
 
Types of Servers in Computing.pdf
Types of Servers in Computing.pdfTypes of Servers in Computing.pdf
Types of Servers in Computing.pdf
 
Types of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdfTypes of Web Application Firewalls (1).pdf
Types of Web Application Firewalls (1).pdf
 
Google's AI Red Team.pdf
Google's AI Red Team.pdfGoogle's AI Red Team.pdf
Google's AI Red Team.pdf
 
A to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdfA to Z Guide Data Privacy in Operational Technology.pdf
A to Z Guide Data Privacy in Operational Technology.pdf
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptxInterview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
Interview Questions for Microsoft Azure Architect Technologies AZ-303.pptx
 
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptxInterview Questions for Microsoft Azure Architect Design AZ-304.pptx
Interview Questions for Microsoft Azure Architect Design AZ-304.pptx
 
IBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptxIBM QRadar’s DomainTools Application.pptx
IBM QRadar’s DomainTools Application.pptx
 
How to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptxHow to become a SOC Analyst and build a dream career with it.pptx
How to become a SOC Analyst and build a dream career with it.pptx
 
How to Analyze Data (1).pptx
How to Analyze Data (1).pptxHow to Analyze Data (1).pptx
How to Analyze Data (1).pptx
 
How DNS Works.pptx
How DNS Works.pptxHow DNS Works.pptx
How DNS Works.pptx
 
Frequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptxFrequently Asked Questions in the AWS Security Interview.pptx
Frequently Asked Questions in the AWS Security Interview.pptx
 

Recently uploaded

Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
TechSoup
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
National Information Standards Organization (NISO)
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
khuleseema60
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
EduSkills OECD
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
Celine George
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
JomonJoseph58
 
How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17
Celine George
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Denish Jangid
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47
MysoreMuleSoftMeetup
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
heathfieldcps1
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Fajar Baskoro
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
nitinpv4ai
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
Nguyen Thanh Tu Collection
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray (9)Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
nitinpv4ai
 

Recently uploaded (20)

Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
Elevate Your Nonprofit's Online Presence_ A Guide to Effective SEO Strategies...
 
Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"Benner "Expanding Pathways to Publishing Careers"
Benner "Expanding Pathways to Publishing Careers"
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
Stack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 MicroprocessorStack Memory Organization of 8086 Microprocessor
Stack Memory Organization of 8086 Microprocessor
 
How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17How Barcodes Can Be Leveraged Within Odoo 17
How Barcodes Can Be Leveraged Within Odoo 17
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47Mule event processing models | MuleSoft Mysore Meetup #47
Mule event processing models | MuleSoft Mysore Meetup #47
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptxPengantar Penggunaan Flutter - Dart programming language1.pptx
Pengantar Penggunaan Flutter - Dart programming language1.pptx
 
Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10Haunted Houses by H W Longfellow for class 10
Haunted Houses by H W Longfellow for class 10
 
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
BÀI TẬP DẠY THÊM TIẾNG ANH LỚP 7 CẢ NĂM FRIENDS PLUS SÁCH CHÂN TRỜI SÁNG TẠO ...
 
Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray (9)Bonku-Babus-Friend by Sathyajith Ray (9)
Bonku-Babus-Friend by Sathyajith Ray (9)
 

What is Threat Modeling .pptx

  • 1. What is Threat Modeling? www.infosectrain.com | sales@infosectrain.com
  • 2. www.infosectrain.com | sales@infosectrain.com With the enhancement of technology, cyber attackers use the latest tricks and techniques to access unauthorized data and perform malicious activities in the organization’s system or network. Unfortunately, this is due to many security vulnerabilities that go undetected, forming the attack surface.
  • 3. www.infosectrain.com | sales@infosectrain.com Table of Contents What is threat modeling? How does threat modeling work? Threat modeling methods Advantages of threat modeling Due to the impact of security vulnerabilities, cybersecurity professionals are deploying countermeasures to safeguard the systems, networks, or data. For such instances, threat modeling emerged to identify the vulnerabilities left undetected even after performing traditional security testing methods. What is threat modeling? Threat modeling is a process used by cybersecurity professionals to identify the application, system, network, or business process security vulnerabilities and to develop effective measures to prevent or mitigate threats. It consists of a structured process with these objectives: identify security threats and potential vulnerabilities, define threat and vulnerability criticality, and prioritize remediation methods.
  • 4. www.infosectrain.com | sales@infosectrain.com How does threat modeling work? Threat modeling works by identifying the various types of threats that can affect an application or system. Organizations analyze software architecture, business context, and other artifacts while accomplishing threat modeling. In general, organizations perform threat modeling in the designing stage of an application to help developers identify the security vulnerabilities in their design, code, or deployment.
  • 5. www.infosectrain.com | sales@infosectrain.com Threat modeling methods Various types of threat modeling methods are used to protect from cyber threats. They are as follows: Attack tree: The attack tree is one of the oldest and most commonly used threat modeling methodologies, designed to develop a conceptual diagram illustrating how an asset or target is attacked, with the root node, leaves, and children nodes. This methodology is often combined with other threat modeling methods such as PASTA, STRIDE, etc. Common Vulnerability Scoring System (CVSS): CVSS is a standard threat modeling method used to help security teams access threats, identify the impact, and develop countermeasures. It helps organizations assess and prioritize vulnerability management processes.
  • 6. www.infosectrain.com | sales@infosectrain.com DREAD: It was also developed by Microsoft, which dropped in 2008 due to a lack of consistent ratings. Many other organizations use the DREAD methods to rank and assess security threats. •Damage potential: Ranks the severity of the threat •Reproducibility: Ranks how the attack is reproducing easily •Exploitability: Rating the effort required to initiate the attack •Affected users: Collecting the number of users affected if an attack becomes widely available •Discoverability: Rate how easy to identify the threat
  • 7. www.infosectrain.com | sales@infosectrain.com OCTAVE: The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) threat modeling methodology is a risk-based strategic assessment and planning method. It aims at assessing organizational risks in three phases: •Creating asset-based threat profiles •Identifying vulnerabilities •Developing and planning a security strategy PASTA: Process for Attack Simulation and Threat Analysis (PASTA) is a risk-centric methodology that provides threat identification, enumeration, and scoring. Because of its static framework, it is easy to implement and understands the risks of the application. STRIDE: It is a well-known threat modeling methodology developed by Microsoft that provides a mnemonic approach for identifying security threats in six types: •Spoofing: An attacker pretending as another user, component, or system feature to steal the data in the system. •Tampering: Replicating data in the system to achieve a malicious goal. •Repudiation: Due to the lack of evidence, the attacker can deny the malicious activities performed in the system. •Information disclosure: Making protected data accessible to unauthorized users. •Denial of Service: An attacker uses illegitimate methods to exhaust services required to serve users.
  • 8. www.infosectrain.com | sales@infosectrain.com TRIKE: TRIKE is a unique and open source threat modeling method that aims at security auditing processes from cyber risk management. It offers a risk-based approach with an individual risk modelling process. The Data Flow Diagram (DFD) is generated with the requirements to understand how the system stores and manipulates data—implementing mitigation controls to prioritize the threats and then developing a risk model based on the actions, roles, assets, and threats. VAST: Visual, Agile, Simple Threat Modeling (VAST) is an automated threat modeling method to differentiate the application and operational threat models. It is designed to integrate the workflows that require stakeholders such as developers, application architects, cybersecurity professionals, etc.
  • 9. www.infosectrain.com | sales@infosectrain.com Threat Hunting Professional training with InfosecTrain InfosecTrain is one of the best security and technology training providers that offer a wide range of IT security training and Information Security (IS) consulting services. It conducts a Threat Hunting Professional online training course to provide participants with a complete understanding of the threat hunting methodologies and frameworks.
  • 10. About InfosecTrain • Established in 2016, we are one of the finest Security and Technology Training and Consulting company • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain www.infosectrain.com | sales@infosectrain.com
  • 11. Our Endorsements www.infosectrain.com | sales@infosectrain.com
  • 12. Why InfosecTrain Global Learning Partners Flexible modes of Training Tailor Made Training Post training completion Certified and Experienced Instructors Access to the recorded sessions www.infosectrain.com | sales@infosectrain.com
  • 13. Our Trusted Clients www.infosectrain.com | sales@infosectrain.com
  • 14.
  • 15. Contact us Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK : +44 7451 208413 sales@infosectrain.com www.infosectrain.com