Threat Modeling: Designing for Security by Adam Shostack

Chapter 9: Trade-Offs When Addressing Threats

After you create a list of threats, you should consider whether standard approaches will work. It is often faster to do so than to assess the risk trade-offs and the variety of ways you might deal with the problem. Of course, it's helpful to understand that there are ways to manage risks other than the tactics and technologies you learned about in Chapter 8, “Defensive Tactics and Technologies,” and those more complex approaches are the subject of this chapter.

For each threat in your list, you need to make one or more decisions. The first decision is your strategy: Should you accept the risk, address it, avoid it, or transfer it? If you're going to address it, you must next decide when, and then how. There are a variety of ways to think about when to address the threat. Table 9.1 provides an example to make these choices appear more concrete and to help separate them:

Table 9.1 Sample Risk Approach Tracking Table

| Item # | Threat | Why Not Use Standard Mitigation? | Strategy | Approach |
|---|---|---|---|---|
| 1 | Physical tampering | We don't own the hardware. | Accept | Document on website |

This may seem like a lot of things to do for every threat, but the first approach to fixing most issues is to try to apply standard mitigations, and only look for an alternative when that fails.

This chapter first teaches you about risk management, in the sense of avoiding, addressing, accepting, or transferring risks. You'll learn how to apply risk management to software design. ...
