16090 Swingley Ridge Road, Suite 200
Chesterfield, MO  63017
Phone: 636.532.5055
Fax: 636.489.1592

Threat Modeling

A threat model is a description of a set of security aspects.

SpearTip will work with your team to determine what the real threats are for an application or device within your organization and in turn work with you to build a remediation plan to combat these threats.

Threat Modeling involves a six-step process:

  1. Identify Assets
  2. Create a Brand Overview
  3. Decompose the Brand
  4. Identify the Threats
  5. Document the Threats
  6. Rate the Threats

The simplest way to understand the cycle of Threat Modeling is that a THREAT is realized through an ATTACK, which is materialized through a VULNERABILITY, which is mitigated with a COUNTERMEASURE. The level of a threat can be classified (ranked) according to risk factors to support risk-mitigation decision making.

Threats can be resolved by:

  1. Risk Acceptance – doing nothing
  2. Risk Transference – pass the risk to an externality
  3. Risk Avoidance – removing the feature/component that causes the risk, or
  4. Risk Mitigation – decreasing/eliminating the risk

A mitigation strategy should be examined for each threat, and the appropriate method should be chosen for it. Each decision should be made according to the risk level and the cost to be incurred during mitigation. SpearTip stands by to help you model and implement these processes.