How to model threats?
The process of threat modeling can vary based on multiple factors. However, in general, the threat modeling process can be broken down into the following steps:
- Identification of security objectives: Before we actually get started with threat modeling, it is absolutely important to understand the objectives behind doing the threat modeling exercise. It may be possible that there are certain compliance or regulatory requirements that need to be addressed. Once the driving factors are understood, it becomes easier to visualize probable threats during the process.
- Identification of assets and external factors/dependencies: Unless we know precisely what are we trying to protect, it just won't be possible to enumerate threats. Identifying assets helps build a basis for further modeling processes. Assets need protection from attackers and may need to be prioritized for countermeasures. There's also a need to identify any possible external entity or dependency that may not be...