CHAPTER 2 OBJECTIVES AND BENEFITS OF THREAT MODELING

DEFINING A RISK MITIGATION STRATEGY

There are known unknowns; that is to say there are things that we now know we don't know.

But there are also unknown unknowns – there are things we do not know, we don't know.

United States Secretary of Defense Donald Rumsfeld

In today's digital economy, businesses provide valuable information and services to their customers online. The value of this information might vary depending on factors such as the sensitivity of its content, for example intellectual property and confidential data. Since sensitive data flows through online channels and between the customers' web and mobile clients and the web applications managed by the businesses, it is a suitable target for value-driven threat actors. Examples include cyber-criminals seeking to steal confidential data from bank customers in order to commit various crimes such as identity theft, stealing money from bank accounts, account takeover, money laundering, credit/debit card counterfeiting, and online fraud. Fraudsters have an arsenal of cybercrime tools at their disposal for targeting online bank applications and bank customers. Online banking money movement transactions, such as transferring money between bank accounts, are targeted by fraudsters using banking malware. Personal customer details are targeted for identity theft and to impersonate the real customers in online banking transactions. Credit card ...

Get Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis now with the O’Reilly learning platform.