Building a Culture of Threat Modeling
The growth and complexity of modern cyber threats have led cyber-forward enterprises to implement practices that predict the techniques of their adversaries. Sophisticated information security teams are increasingly adopting proactive measures to understand the landscape of potential security threats and adapt accordingly.
What is a Threat Model
Threat modeling is a structured approach for reviewing and assessing an application’s architectural security. It allows security risks that exist as a result of the application’s design to be identified and addressed. The threat model, performed by a skilled threat modeller, is accompanied by system architecture, design, and data flow documentation, and uncovers security weaknesses in an application or platform. The results of a threat model provide application and platform stakeholders with a comprehensive understanding of the system and associated security gaps.
ABOUT THE AUTHORS
Danish Ali, CISM, is a former Consultant within DayBlink’s Cybersecurity Center of Excellence
Jacob Armijo, CISM, is a Senior Consultant and Chief of Staff of DayBlink’s Cybersecurity Center of Excellence
Justin Whitaker is a Partner and Practice Lead of DayBlink’s Cybersecurity Center of Excellence and is based in the Vienna, Virginia office
Research contributions from: Chloe Spetalnick, Martin Badinelli, and DayBlink’s Cybersecurity Center of Excellence