Overview#Threat Model describes the capabilities that an attacker is assumed to be able to deploy against a resource. BCP 72
Threat Model should contain such information as the resources available to an attacker in terms of
- computing capability
- control of the system
Threat Model purpose is twofold. First, we wish to identify the threats we are concerned with. Second, we wish to rule some threats explicitly out of scope. Nearly every security system is vulnerable to a sufficiently dedicated and resourceful attacker.
- What do I want to protect? (Resources)
- Who do I want to protect it from? (Attackers)
- How bad are the consequences if I fail? (Regulatory Risk, Operational Risk or Real Risk)
- How likely is it that I will need to protect it? (consider Attack Effort)
- How much trouble am I willing to go through to try to prevent potential consequences? (Acceptable risk)
For a closer look at each of these questions.