Overview#
Threat Model (or Threat landscape) describes the capabilities that an attacker is assumed to be able to deploy against a resource. BCP 72Threat Model should contain such information as the resources available to an attacker in terms of
- information or data
- computing capability
- control of the system
Threat Model purpose is twofold. First, we wish to identify the threats we are concerned with. Second, we wish to rule some threats explicitly out of scope. Nearly every security system is vulnerable to a sufficiently dedicated and resourceful attacker.
Threat Model helps you identify Vulnerabilities to the entities you value and determine from whom you need to protect them. When building a threat model, answer these five questions:
- What do I want to protect? (Resources)
- Who do I want to protect it from? (Attackers)
- How bad are the consequences if I fail? (Regulatory Risk, Operational Risk or Real Risk)
- How likely is it that I will need to protect it? (consider Attack Effort)
- How much trouble am I willing to go through to try to prevent potential consequences? (Acceptable risk)
For a closer look at each of these questions.
Threat Model reviews should be performed any time a Resource is created and periodically as Attacks and Vulnerabilities change over time.
Internet Threat Model#
Internet Threat Model is described in BCP 72 as a fairly well understood Threat Model.Components of the Threat Model#
More Information#
There might be more information for this subject on one of the following:- Internet Threat Model
- OAuth 2.0 Threat Model and Security Configurations
- Perfect Security
- Risk Assessment
- Targeted Attack
- Threat landscape
- [#1] - Assessing Your Risks
- based on information obtained 2017-10-13-