Cybersecurity – Threat Modeling to Predict Attacks

Introduction

Over the last decade, the field of cybersecurity has changed dramatically, and cyber threats have become more severe. This is because attackers are employing increasingly sophisticated techniques to breach organizational systems. Moreover, the stakes are becoming more substantial. Current efforts to respond to cyberattacks are reactionary or defensive, which means that threats are only evaluated and removed after systems have been exploited.

Nevertheless, these reactionary mechanisms are time-consuming and expensive, and they are becoming increasingly ineffectual because cyber threats are becoming more coordinated and harder to detect (Bodeau, McCollum & Fox, 2018). As a result, organizations are shifting towards more effective ways of understanding, predicting, and proactively planning for attacks that may happen in the future. This paper examines the various threat modeling methodologies and processes, as well as the benefits they provide.

Threat Modeling Methodologies

Threat modeling is defined as the process through which all information affecting the security of an application is captured, organized, and analyzed. There are several threat modeling techniques. Generally, threat modeling methodologies have been implemented following attacker-centric, software-centric, and asset-centric approaches. Based on the literature, the commonly used methodologies comprise STRIDE, DREAD, TRIKE, and the attack graph or tree (Palanivel & Selvadurai, 2014). STRIDE is an acronym that stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

It is used to identify both threats and their feasible mitigations. DREAD, on the other hand, is a mnemonic for Damage, Reproducibility, Exploitability, Affected users, and Discoverability. It is used to quantify, compare, and prioritize the risks associated with the identified cyber threats. Furthermore, P.A.S.T.A. (Process for Attack Simulation and Threat Analysis) is a seven-step methodology centered on identifying, enumerating, and scoring threats. Lastly, the attack graph or tree takes the form of a tree-structured graph with a single root node, leaves, and nodes with multiple children. It helps identify potential attacks on a network because its purpose is to find weak points in the system.
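The attack tree described above can be evaluated mechanically. The following is an added example, not part of the original essay: it assumes AND/OR gates on inner nodes and relative effort costs on leaves (a common attack-tree convention the essay does not spell out), and the tree itself is constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    """Attack-tree node; a leaf is a condition the attacker needs, with a cost."""
    name: str
    gate: str = "LEAF"      # "OR": any child suffices; "AND": all children required
    cost: int = 0           # constructed relative attacker effort (leaves only)
    children: list = field(default_factory=list)

def cheapest(node, mitigated=frozenset()):
    """Return (cost, leaves) of the cheapest way to achieve `node`."""
    if node.gate == "LEAF":
        blocked = node.name in mitigated
        return (float("inf"), []) if blocked else (node.cost, [node.name])
    results = [cheapest(c, mitigated) for c in node.children]
    if node.gate == "AND":
        return sum(r[0] for r in results), [l for r in results for l in r[1]]
    return min(results, key=lambda r: r[0])  # OR gate

def weak_points(root):
    """Rank leaves on the cheapest path by how much fixing each raises attacker cost."""
    base, path = cheapest(root)
    gains = {l: cheapest(root, frozenset([l]))[0] - base for l in path}
    return base, sorted(gains.items(), key=lambda kv: -kv[1])

# Constructed tree: the root is the attacker goal, leaves are weaknesses.
TREE = Node("Read customer records", "OR", children=[
    Node("Use admin session", "AND", children=[
        Node("Admin password reused", cost=3),
        Node("MFA not enforced", cost=6)]),
    Node("Web app unpatched", cost=7),
    Node("Abuse backup copy", "AND", children=[
        Node("Reach backup share", "OR", children=[
            Node("Misconfigured share ACL", cost=1),
            Node("Backup operator account compromised", cost=4)]),
        Node("Backup stored unencrypted", cost=1)]),
])

if __name__ == "__main__":
    base, ranked = weak_points(TREE)
    print("cheapest attack cost:", base)
    for leaf, gain in ranked:
        print(f"fixing '{leaf}' raises attacker cost by {gain}")
```

The ranking shows which single mitigation buys the most: encrypting the backup forces the attacker onto a more expensive branch, while fixing only the share ACL leaves the backup branch open through another leaf.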

Threat Modeling Processes

The various threat modeling methodologies employ two main inputs: the data flow diagram and the process flow diagram. Threat modeling based on the data flow diagram begins with the creation of a visual representation of the network being analyzed. It is employed in identifying a broad category of threats. The data flow diagram approach involves three steps: viewing the network as an adversary, characterizing the system, and determining the threats. However, it also has its weaknesses; for instance, it does not accurately represent design and application flow (Bodeau et al., 2018). Moreover, it reveals a limited set of threats; hence, it is regarded as a weak starting point for modeling.
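To show how the data flow diagram feeds STRIDE and DREAD as described in the two sections above, here is an added example that is not part of the original essay. It assumes the STRIDE-per-element chart used in Microsoft's SDL and a DREAD score taken as the plain average of five 1-10 ratings; the diagram and the ratings are constructed.

```python
# STRIDE-per-element chart: which threat categories apply to each DFD element type.
# (Data stores that hold audit logs would also get "Repudiation".)
STRIDE_BY_TYPE = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information Disclosure",
                "Denial of Service", "Elevation of Privilege"],
    "data_store": ["Tampering", "Information Disclosure", "Denial of Service"],
    "data_flow": ["Tampering", "Information Disclosure", "Denial of Service"],
}

# Constructed data flow diagram for a login feature: (element name, element type).
DFD = [("Browser user", "external_entity"), ("Login API", "process"),
       ("Credential DB", "data_store"), ("API -> DB query", "data_flow")]

def enumerate_threats(dfd):
    """Expand every DFD element into its candidate (element, STRIDE category) pairs."""
    return [(name, cat) for name, kind in dfd for cat in STRIDE_BY_TYPE[kind]]

def dread_score(ratings):
    """Average of (Damage, Reproducibility, Exploitability, Affected users, Discoverability)."""
    if len(ratings) != 5 or not all(1 <= r <= 10 for r in ratings):
        raise ValueError("DREAD needs five ratings between 1 and 10")
    return sum(ratings) / 5

def prioritize(dfd, ratings):
    """Return rated threats, highest DREAD score first, plus threats still awaiting triage."""
    threats = enumerate_threats(dfd)
    rated = sorted(((dread_score(ratings[t]), *t) for t in threats if t in ratings),
                   reverse=True)
    unrated = [t for t in threats if t not in ratings]
    return rated, unrated

# Constructed analyst ratings in D, R, E, A, D order.
RATINGS = {
    ("Credential DB", "Information Disclosure"): (9, 6, 5, 10, 5),
    ("Login API", "Spoofing"): (8, 8, 7, 8, 9),
    ("API -> DB query", "Tampering"): (6, 4, 3, 5, 2),
}

if __name__ == "__main__":
    rated, unrated = prioritize(DFD, RATINGS)
    for score, element, category in rated:
        print(f"{score:4.1f}  {element}: {category}")
    print(len(unrated), "enumerated threats not yet rated")
```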

As a result, the process flow diagram was designed to circumvent the limitations of the data flow diagram. It was mainly created to illustrate how an attacker thinks, thus allowing for the development of threat models centered on the application design process (Bodeau et al., 2018). Process flow diagram based threat modeling starts with the creation of "fictional" attacker cases. This is followed by the establishment of communication and technical protocols that I.T. professionals will use to handle those situations. The advantage of P.F.D. threat modeling is that it does not require any security expertise and is therefore easy to understand, and it makes it easy to view an application from the attacker's perspective.

Benefits of Threat Modeling

Modeling cyber threats and predicting attacks is critical to securing an organization's network, and it holds numerous benefits. First and foremost, it is time-efficient, as automated threat modeling methodologies are essential for building applications in a fast-paced environment. Second, threat modeling has relatively high scalability, in that threat modeling for applications scales better than diagrams. Third, the various threat modeling technologies offered by consulting companies are usually created and maintained from their expert knowledge base. Fourth, they typically act as a force multiplier, allowing a company's I.T. professionals to accomplish more by leveraging automation. Lastly, most current technologies operationalize the threat model output, which is enhanced through training and software development lifecycle integration.

Predicting Cyberattacks Using Threat Modeling Tools

Currently, there are a number of tools available to perform a systematic analysis of attack vectors. They include Microsoft's Threat Modeling Tool, MyAppSecurity, IriusRisk, securiCAD, Tiramisu, CVSS 3.0, and S.D. Elements (Lahoti & Shukla, 2015).

Conclusion

Cyber threats are increasingly becoming a sensitive issue for the technological world. Because conventional defensive strategies are not entirely effective, there is a need to couple them with proactive strategies, such as threat modeling methodologies.

References

Bodeau, D. J., McCollum, C. D., & Fox, D. B. (2018). Cyber threat modeling: Survey, assessment, and representative framework. Web.

Lahoti, P., & Shukla, P. (2015). Threat modeling methodology and tools. International Journal of Computer Science and Mobile Computing, 4(7), 174-179.

Palanivel, M., & Selvadurai, K. (2014). Risk-driven security testing using risk analysis with threat modeling approach. SpringerPlus, 3(754), 1-14. Web.

Cite this paper

StudyCorgi. (2021, July 4). Cybersecurity - Threat Modeling to Predict Attacks. Retrieved from https://studycorgi.com/cybersecurity-threat-modeling-to-predict-attacks/
