FEBRUARY 2021
Due to finite resources of the system owner, it is difficult to mitigate every vulnerability within a system. Therefore, system owners must prioritise risks and treat them accordingly. A key step in determining risk is identifying threat events, which contribute to the likelihood and impact of risk. A threat event refers to any event during which a threat actor, by means of threat vector, acts against an asset in a manner that has the potential to cause harm. In the context of cybersecurity, threat events can be characterised by the tactics, techniques and procedures (TTP) employed by threat actors.
Threat modelling helps owners comprehensively identify threat events that are relevant to the system, so that owners can focus on implementing effective control measures to protect key components within the system. This makes it harder for the adversary to compromise key components by establishing a foothold, pivoting and moving laterally within the system. Consequently, system owners can stem and curtail the kill-chain before the adversary reaches the crown jewels. With a threat model, system owners can also avoid blind spots in identifying threat events.
Views: 0
