Please enable JavaScript.
Coggle requires JavaScript to display documents.
5 - Threat Modeling - Coggle Diagram
5 - Threat Modeling
Software/System-Centric
-
Attack Trees
Structured diagrammatic method of modeling how an attacker could achieve a specific goal, breaking it down into sub-goals and attack steps
STRIDE
-
- Model with Data Flow Diagram and Trust boundaries
- Reduction analysis (system decomposition): break the system into smaller components to make threats easier to analyze
- Identify threats using STRIDE categories
-
-
-
-
-
-
- Document and assess threats
-
-
Damage, Reproducibility, Exploitability, Affected Users, and Discoverability (DREAD)
-
Visual, Agile, Simple Threat Modeling (VAST)
a system-centric, scalable methodology that emphasizes automation and integration into Agile/DevOps workflows to bring threat modeling to the enterprise level.
Definition
Security process where potential threats are identified, categorized, and analyzed
-
-
Attacker-Centric
MITRE ATT&CK
Attacker-centric knowledge base that documents real-world adversary tactics, techniques, and procedures (TTPs) across the attack lifecycle.
-
Asset-Centric
-
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
asset- and risk-centric methodology that prioritizes critical assets, identifies threats and vulnerabilities affecting them, and evaluates the resulting organizational risks.