Break down the architecture of the systems and application, including the underlying network and host infrastructure design, security profiles, implementation, as well as the deployment configuration of the systems and applications. Documentation should include a system, trust boundaries, and data flow.ĭecompose the security components and applications. Gather simple diagrams and related information that show how the systems are connected, both physically and logically. Identify the valuable assets that the systems must protect.Ĭreate an architecture overview. The steps to perform threat modeling are: In addition, the infrastructure, system, or solution is always changing, and new threats are found. The reason for multiple passes is that it is impossible to identify all of the possible threats in a single pass. Threat modeling is an iterative process it should be started when designing a system or solution and should be performed throughout the system or solution lifecycle. It addresses the top threats that have the greatest potential impact to an organization. Threat modeling is a procedure for optimizing network security by identifying vulnerabilities, identifying their risks, and defining countermeasures to prevent or mitigate the effects of the threats to the system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |