CISSP Domain 3 – Security architecture and engineering, covers essential security engineering topics using plans, designs and principles. It focuses on the different phases in a system lifecycle such as planning, development, testing, the deployment, and maintenance on the system and how to integrate security into the process and systems.
CISSP Threat Modeling
CISSP – Threat modeling is a structured approach to identifying, quantifying, and addressing threats. It allows system security staff to communicate the potential damage of security flaws and prioritize remediation efforts.
Threat modeling covers three main elements:
- Assets: What valuable data and equipment should be secured?
- Threats: What may an attacker do to the system?
- Vulnerabilities: What flaws in the system allow an attacker to realize a threat?
Steps to CISSP threat modeling
- Identify the Assets
- Describe the Architecture Describe the Architecture
- Break down the Applications
- Identify the Threats
- Document and Classify the Threats
- Rate the Threats
STRIDE Methodology
STRIDE threat modelling is a developer focussed threat modelling method based on six common threats that target software.
| Threat | Violation | Violation Method | |
|---|---|---|---|
| S | Spoofing | Authentication | Hacker pretends to be another person, assuming the identity and information in that identity to commit fraud. |
| T | Tampering | Integrity | Data tampering occurs when data or information is changed without authorization. |
| R | Repudiation | Non-repudiation | Repudiation threats happen when a bad actor performs an illegal or malicious operation in a system and then denies their involvement with the attack. |
| I | Information Disclosure | Confidentiality | Providing information to someone who is not authorized. Can sometimes happen when an application or website unintentionally reveals data to unauthorized users. |
| D | Denial of Service (DoS) | Availability | Denial of Service (DoS) attacks restrict an authorized user from accessing resources that they should be able to access. |
| E | Elevation of Privilege | Authorization | Through the elevation of privileges, an authorized or unauthorized user in the system can gain access to other information that they are not authorized to see. |
PASTA Methodology – Process for Attack Simulation and Threat Analysis
Unlike STRIDE which focuses more on the threats and hackers motivation, PASTA combines an attacker perspective while aligning business objectives and technical requirements. PASTA threat modelling is a seven stage framework for assessing your entire cybersecurity posture. Each stage builds on the work carried out in the stage before until stage seven presents the list of priorities to fix your cybersecurity vulnerabilities.
VAST – Visual, Agile, and Simple Threat modeling
VAST stands for Visual, Agile, Simple Threat modeling. Focuses on the necessity of scaling the threat modeling process across the infrastructure and entire SDLC, and integrating it seamlessly into an Agile software development methodology. The methodology widens participation in the threat modeling process and seeks to provide actionable outputs for the unique needs of various stakeholders: application architects and developers, cybersecurity personnel, and senior executives. To provide actionable outputs for key stakeholders, VAST addresses different layers of security concerns of development and infrastructure teams using two types of threat models. Application threat models help DevOps to address security concerns when designing applications, while operational threat models allow infrastructure teams to visualize and mitigate threats across an organization’s infrastructure.
Trike Methodology
TRIKE is an open-source threat modeling methodology that is used when security auditing from a risk management perspective. Trike is made up of two models, The Requirements Model and the Implementation Model. Trike starts by defining a system, and an analyst enumerates the system’s assets, actors, rules, and actions to build a requirement model. TRIKE focuses on this requirements model to assigns acceptable levels of risks to each asset.
The implementation model involves the creation of a Data Flow Diagram (DFD) to illustrate the flow of data and the user performed actions within a system. In this model, threats are analyzed to enumerate and assign a risk value. Based on this, security controls or preventive measures defined to address the threats as per the priority and assigned risks.
DREAD – Disaster, Reproducibility, Exploitability, Affected Users and Discoverability Methodology
DREAD stands for Disaster, Reproducibility, Exploitability, Affected Users and Discoverability. The DREAD model quantitatively assesses the severity of a cyberthreat using a scaled rating system that assigns numerical values to risk categories.
- Disaster (Damage Potential) — How severe is the damage likely to be if the threat is realised?
- Reproducibility — How complicated is it for attackers to reproduce the exploit?
- Exploitability — How hard is it to perform the attack?
- Affected Users — How may users are likely to be affected by the attack (as a percentage)?
- Discoverability — How hard is it for an attacker to discover the weakness?
