The art of threat modeling: 3 frameworks to know (2024)

Editor’s note: The following is a guest article from William Dupre, a VP analyst at Gartner in the Gartner for Technical Professionals Security and Risk Management Strategies team.

Despite consistent headlines of breach after breach, organizations still struggle to understand the security threats that could impact their systems.

To get a better understanding of threats and where weaknesses may exist, security leaders should look to threat modeling — a form of risk assessment used to identify exposures and mitigations in a system.

Threat modeling is an architecture-level process for reviewing a system design, listing threats and mitigations, validating controls and mapping out the attack surface of a system. This can be for an application, a network, a device, containers or any system or element of software or hardware.

Here are three threat models to consider and how to use them:

STRIDE

STRIDE, a mnemonic, is one of the most popular threat modeling frameworks.

  • Spoofing: An attacker attempts to impersonate an entity — for example, a user, a service — that interacts with some part of the system.
  • Tampering: An attacker tries to modify data to manipulate some outcome.
  • Repudiation: A user is able to deny actions, leading to a lack of attribution.
  • Information disclosure: A system exposes information not intended to be released or that can be used for malicious purposes.
  • Denial of service: Normal access to a system is restricted or prevented.
  • Elevation of privilege: Permissions or authorizations not available to an entity are granted.

LINDDUN

Organizations that have concerns about data privacy should include a more focused threat modeling approach. One such framework is LINDDUN, which provides a catalog of privacy threats to enable the investigation of a wide range of design issues that could impact privacy.

The acronym “LINDDUN” represents the following privacy threat types:

  • Linking: The ability to associate data or actions to an individual or group.
  • Identifying: Learning the identity of an individual.
  • Nonrepudiation: Being able to attribute a claim to an individual.
  • Detecting: Deducing the involvement of an individual by observing.
  • Data disclosure: Excessively collecting, storing, processing or sharing personal data.
  • Unawareness: Insufficiently informing, involving or empowering individuals in the processing of personal data.
  • Noncompliance: Deviation from security and data management best practices, standards and legislation.

The methodology for both STRIDE and LINDDUN consists of modeling a system (using a data flow diagram), identifying where threats could impact the system, and determining where controls can be put in place to mitigate those threats.
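The three steps above, shown for STRIDE, as an added example that is not part of the original article. The element kinds, the per-element applicability table (a commonly used convention the article does not prescribe), the trust zones and the sample system are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumption: per-element applicability as commonly used with STRIDE; the
# article itself does not prescribe this mapping.
APPLICABLE = {"external_entity": "SR", "process": "STRIDE",
              "data_store": "TRID", "data_flow": "TID"}
NAMES = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
         "I": "Information disclosure", "D": "Denial of service",
         "E": "Elevation of privilege"}

@dataclass
class Element:
    name: str
    kind: str                    # a key of APPLICABLE
    zone: str = ""               # trust zone of an entity, process or store
    src: str = ""                # data flows only: source element name
    dst: str = ""                # data flows only: destination element name
    controls: dict = field(default_factory=dict)   # STRIDE letter -> control

def enumerate_threats(dfd):
    """One row per applicable threat: (element, threat, control, crosses)."""
    zone = {e.name: e.zone for e in dfd if e.kind != "data_flow"}
    rows = []
    for e in dfd:
        crosses = e.kind == "data_flow" and zone[e.src] != zone[e.dst]
        for letter in APPLICABLE[e.kind]:
            rows.append((e.name, NAMES[letter], e.controls.get(letter), crosses))
    return rows

def open_threats(dfd):
    """Threats with no control, flows that cross a trust boundary first."""
    rows = [r for r in enumerate_threats(dfd) if r[2] is None]
    return sorted(rows, key=lambda r: not r[3])

# Constructed sample system: browser -> web app -> orders database.
DFD = [
    Element("browser", "external_entity", zone="internet"),
    Element("web app", "process", zone="dmz", controls={"S": "OIDC login"}),
    Element("orders db", "data_store", zone="internal"),
    Element("login request", "data_flow", src="browser", dst="web app",
            controls={"T": "TLS", "I": "TLS"}),
    Element("order query", "data_flow", src="web app", dst="orders db"),
]

if __name__ == "__main__":
    for name, threat, _, crosses in open_threats(DFD):
        print(f"{name:14} {threat:24} {'(crosses boundary)' if crosses else ''}")
```

The same walk works for LINDDUN by swapping in its seven threat types and an applicability table chosen for privacy review.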

Security decision trees

Security decision trees are an attacker-centric threat modeling technique that allows teams to model how an attack might unfold using a tree structure. The attack scenario models the actions an attacker might take at each stage of an attack and what a system can do to counter the attacker.

This approach can help teams understand the attacker mindset and decision-making process, along with the return on investment (ROI) of the attack.
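A security decision tree evaluated from the attacker's side, as an added example that is not part of the original article. The scenario, step names, costs, payoffs and the ROI formula (payoff minus cost, divided by cost) are assumptions chosen to show how a control changes which path a rational attacker prefers.

```python
from dataclasses import dataclass, field

@dataclass
class Step:
    action: str
    cost: float                  # attacker effort, arbitrary units
    payoff: float = 0.0          # value to the attacker if the path ends here
    options: list = field(default_factory=list)   # next decisions

def paths(step, trail=(), spent=0.0):
    """Yield (actions, total_cost, payoff) for each root-to-leaf path."""
    trail, spent = trail + (step.action,), spent + step.cost
    if not step.options:
        yield trail, spent, step.payoff
    for nxt in step.options:
        yield from paths(nxt, trail, spent)

def attacker_choice(tree, countermeasures=None):
    """Return (actions, roi) of the path with the highest attacker ROI.

    countermeasures maps an action to the extra cost a control imposes on it.
    Every path is assumed to have a total cost greater than zero.
    """
    extra = countermeasures or {}
    best = None
    for actions, cost, payoff in paths(tree):
        cost += sum(extra.get(a, 0) for a in actions)
        roi = (payoff - cost) / cost
        if best is None or roi > best[1]:
            best = (actions, roi)
    return best

# Constructed scenario; all costs and payoffs are illustrative numbers.
TREE = Step("reach customer records", 0, options=[
    Step("reuse a leaked password", 2, options=[
        Step("sign in to admin console", 1, payoff=30)]),
    Step("exploit unpatched web app", 10, options=[
        Step("query database as the app", 2, payoff=30)]),
])
MFA = {"sign in to admin console": 27}          # control raises that step's cost
PATCHING = {"exploit unpatched web app": 20}

if __name__ == "__main__":
    for label, controls in [("no controls", {}), ("MFA", MFA),
                            ("MFA + patching", {**MFA, **PATCHING})]:
        actions, roi = attacker_choice(TREE, controls)
        print(f"{label:15} -> {' / '.join(actions[1:])}  ROI {roi:.2f}")
```

With MFA alone the preferred path moves to the unpatched web app, which is the reason to evaluate controls against the whole tree instead of one branch at a time.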

When to use threat modeling frameworks

Organizations should use these frameworks during specific points in time within risk assessment processes to get a broad and consistent understanding of threats. These points should align with the different phases of system evolution that include initial system design, legacy system review and strategic IT or business changes.

The frameworks can be used as stand-alone approaches or as a further analysis complementary to each other. The process could be further enhanced with adversary tactics and techniques as defined by the MITRE ATT&CK framework or the Lockheed Martin Cyber Kill Chain framework.

Use a diversity of techniques to understand threats

Using frameworks to perform threat modeling is an important component of an organization’s risk assessment process. The frameworks should be used, as a manual effort or along with automated solutions, to understand threats.

However, instilling a threat-conscious mindset into the organization will take a diversity of techniques. Some of the techniques are informal, and those, listed below, get to the heart of the art of threat modeling.

  • The devil’s advocate: Organizations need to break out of their echo chambers and have their assumptions challenged. Complacency can breed insecurity. What is needed is for organizations to have people and/or processes in place to arouse them from the sleep of the status quo.
  • Analogical thinking: Sometimes it is important to be able to draw connections between something that is familiar and something that is alien to our understanding. Such connections can help us better understand new and complex issues and enable us to communicate such issues.
  • Model once, apply to many: Organizations typically have hundreds, if not thousands, of applications and systems in their environment. Often, what must be considered is that not all of these systems or applications are unique in every dimension. It is possible that lessons learned from one threat model can be applied to multiple systems or applications.

When considering who to involve in threat modeling, it is important that a diversity of roles within the organization are involved in these exercises so that a complete picture of the threat landscape can be illustrated.

For instance, business roles help provide context to what is being modeled, while security roles provide guidance on how a threat could unfold. Architects and developers will also provide insights into components of the application and infrastructure.

Using any of these threat modeling techniques will make employees more threat conscious, so they can use better judgment with respect to cyber activities.

It is an important trait in a world where common threats persist because they consistently work and new threats emerge to adapt to new technologies and sociotechnical structures (for example, threats to — and from — generative AI).

Correction: This article has been updated to reflect William Dupre is a VP analyst at Gartner.
