Chapter 71. The Right Way to Threat Model

Josh Brown

Threat modeling is a critical part of application security: a proactive, structured process for identifying and measuring the risks associated with a system, so that any needed design changes or risk mitigations can be determined. There are many risk assessment (RA) frameworks and threat modeling techniques. Most are incomplete and contradict the wider concept of an organization's security risk program. No single framework is correct for all RAs and threat models; if you understand which one to use in which situation, you can build a healthy RA and threat modeling program.

The following are indicators of a healthy RA and threat modeling program:

  • It will not be a blocker.

  • It will keep pace with high-velocity Agile development and project teams by contributing vetted architecture blueprints to the organization's library for future use. Pulling from these vetted designs increases developer velocity, speeds up design reviews, and lowers costs by reducing development effort and waste.

  • It will reduce effort related to security incidents, mitigations, audit responses, and certifications.

  • It will, most importantly, build trust between security and other departments.

Properly scoping questions are the most important part of threat modeling engagements. The following are tips on how ...
