Simplifying Threat Modeling

Explore a simplified approach to threat modeling in this 44-minute conference talk from LASCON 2012. Learn about the anatomy of an attack, threat traceability matrix, and elements of a threat model. Discover a streamlined framework for threat modeling, including steps to diagram software architecture, enumerate attack surfaces, and visualize users as potential threats. Gain insights on illuminating assets and trust boundaries, postulating attacks against assets, evaluating impact, and implementing mitigation strategies. Understand how to act on threat modeling results and simplify the overall process to enhance your cybersecurity practices.

Intro
Today's Threat Modeling Theme
What is a Threat?
Threat Example - Mobile Architecture
Anatomy of an Attack
Threat Traceability Matrix
Elements of a Threat Model
Simplified Threat Modeling Framework
Diagram Software Architecture
Enumerate Attack Surface(s)
Each User Class Becomes a Threat
Malicious Intent Creates New Threat
Visualize Normal Users as Threats
Re-consider Attack Surface(s)
Capture 'Who', 'Where', and 'What'
Illuminate Assets
Illuminate Trust Boundaries
Postulate Attacks Against Assets
Evaluate Impact
Mitigate
7+1 Threat Modeling Steps
Acting on Threat Modeling Results
Simplifying Threat Modeling