
Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Content level: Beginner
249 pages
English
O'Reilly Media, Inc.
Content preview from Threat Modeling

Chapter 2. A Generalized Approach to Threat Modeling

If you always do what you’ve always done, you’ll always get what you’ve always got.

Henry Ford

Threat modeling as an exercise in analyzing a system design for threats follows a consistent approach that can be generalized into a few basic steps; this chapter presents that general flow. This chapter also provides information on what to look for in your system models, and what you may never be able to discover as a result of threat modeling.

Basic Steps

This section shows the basic steps that outline the general flow of threat modeling. Experienced modelers perform these steps in parallel and, for the most part, automatically; they are continuously assessing the state of the system as the model is being formed, and they may be able to call out areas for concern well before the model has reached an expected level of maturity.

It may take you some time to achieve that level of comfort and familiarity, but with practice these steps will become second nature:

  1. Identify objects in the system under consideration.

    Identify the elements, data stores, external entities, and actors present in and associated with the system you are modeling, and gather characteristics or attributes as metadata about these things (later in the chapter we provide some sample questions you can use to ease metadata collection). Make note of the security capabilities and controls each object supports or provides, and any clear deficiencies (such as an element ...


Publisher Resources

ISBN: 9781492056546