Threat Modelling and Risk Assessment
Chloe Ashford, Security Consultant, Quantum Security

Goal
Start thinking about the threats that might impact the applications or systems that you build and how you might protect against them.

Definitions
• Asset: Something that should be protected
• Vulnerability: Weakness or lack of protections
• Threat: Something that could negatively impact an asset
• Security Controls: Protect against threats, reduce vulnerability
• Risk: The possibility that a threat will exploit a vulnerability to harm an asset
Risk = Threat * Vulnerability

Why?
• Noncompliance
• Data Loss
• Weight/Cost of Risk Realisation
• Monetary Cost
• Reputation
• Weight/Cost of Countermeasures

When?
After Implementation
• High cost to fix issues
• More vulnerabilities = more risk
During Development
• Consider security during system design and development to reduce vulnerabilities
• Ongoing

How? Threat Modelling
• Analysing the Application/System: What does the system do?
• Determining Threats: What could go wrong?
• Addressing Threats: What can you do?

System Analysis
• Functions?
• Data?
• CIA?
• Users?
• Technology used?
• Interfaces?
• Connected systems?
• Data flow diagrams – creating a visual representation of an application

Identifying Threats: STRIDE
Provides 6 threat categories to support threat identification
• Spoofing of user identity
• Tampering
• Repudiation
• Information disclosure
• Denial of service
• Elevation of privilege

Identifying Threats - Tips
• Start with external entities (but don’t forget the internal ones)
• Never ignore a threat because it’s not what you’re looking for right now.
• Focus on feasible threats

Example – Blizzard Website
[Diagram labels: Gamer, Web Browser, User Info Disclosure, Session hijacking, Internet, Logic Flow Attack, SQL Injection, Database, Web Server, Application Server, Flooding Requests, Insufficient Logging]

Addressing Threats
• Mitigate it: Make it harder to execute, e.g. password
• Eliminate it: Remove the feature/function, e.g. command line admin
• Transfer it: Let someone else handle it, e.g. payment gateway
• Accept it: Acknowledge the risk
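
An added example, not part of the original slides: the three steps above (analyse the system, determine threats, address threats) applied to the example web site as a small Python script. The trust zones, the flows between elements and the per-element STRIDE applicability chart are assumptions introduced here, not taken from the slides.

```python
from dataclasses import dataclass

# STRIDE categories as listed on the slides.
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
# Assumption (not on the slides): the usual STRIDE-per-element chart that
# says which categories are worth asking about for each kind of DFD element.
APPLIES = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | store
    zone: str   # trust zone, constructed for this example

# Constructed model of the example web site; zones and flows are assumptions.
ELEMENTS = [
    Element("Gamer", "external", "internet"),
    Element("Web Browser", "process", "internet"),
    Element("Web Server", "process", "dmz"),
    Element("Application Server", "process", "internal"),
    Element("Database", "store", "internal"),
]
FLOWS = [("Gamer", "Web Browser"), ("Web Browser", "Web Server"),
         ("Web Server", "Application Server"), ("Application Server", "Database")]

def enumerate_threats(elements, flows):
    """Return (target, category, crosses_boundary) rows, external entities first."""
    by_name = {e.name: e for e in elements}
    rows = []
    # Tip from the slides: start with external entities, then the internal ones.
    for e in sorted(elements, key=lambda e: e.kind != "external"):
        rows += [(e.name, STRIDE[c], False) for c in APPLIES[e.kind]]
    for src, dst in flows:
        crosses = by_name[src].zone != by_name[dst].zone
        rows += [(f"{src} -> {dst}", STRIDE[c], crosses) for c in APPLIES["flow"]]
    return rows

def untreated(rows, register):
    """Threats with no recorded decision: mitigate, eliminate, transfer or accept."""
    valid = {"mitigate", "eliminate", "transfer", "accept"}
    return [r for r in rows if register.get((r[0], r[1])) not in valid]

if __name__ == "__main__":
    rows = enumerate_threats(ELEMENTS, FLOWS)
    register = {("Database", "Tampering"): "mitigate"}  # constructed decision
    for target, cat, crosses in untreated(rows, register):
        print(f"{'[boundary] ' if crosses else ''}{target}: {cat}")
```

Rows marked [boundary] are flows that cross a trust zone and are usually reviewed first; anything still printed has no recorded decision yet.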

Thanks!
chloe@quantumsecurity.co.nz
• Threat modelling: Designing for Security, Adam Shostack, 2014
• THE ART OF THREAT MODELING FOR IT RISK MANAGEMENT: Solving the application risk riddle, Ed Adams, n.d.