Threat Analysis
Threat Analysis is used, to identify threats associated with system/applications. It becomes important to understand the terminologies involved while performing this activity.
Vulnerability | A vulnerability is a weakness found in the system/app/procedure. Vulnerability presents themselves as an opportunity for exploitation. Ex: Bug in the software that could potentially allow data to be stolen from a system. |
Threat | A threat is any circumstance that may lead to negative impact to the integrity, availability or confidentiality of business systems. This could include anything that a business considers important such as operations, assets, reputation and so on. Ex: Loss of laptop Threats and information technology are usually associated with vulnerabilities in a system or process. |
Exploit | Exploits take advantage of vulnerabilities. Exploits are the actual attack that occur. Ex: A system is vulnerable to data tampering. An exploit would be the action taken to actually perform the activity of data tampering. |
Risk | A risk is the level of impact of threat occurs. There are many calculations available that assist in prioritizing and quantifying risk. Typically, risk will be some measure of impact and probability. These measurements are sometime qualitative and other time are quantitative. |
Attack Surface | An attack surface is determined by identifying all points that could potentially be used by the attacker. Attack surface will usually include organizations assets, people or even process. Ex: An attack surface for an application may be focused on inputs & outputs |
Trust Boundary | A Trust boundary refers to the concept that trust & reliability of data changes throughout the system/application. In threat modelling, trust boundaries are used to identify when there is a potential threat that someone may later take advantage of trust changes in order to perform activities such as spoofing and escalation of privileges. |
Mitigate | Mitigation is used to lessen the impact of threats. This can be accomplished in many different ways, including adding additional security controls. For instance, you might be able to mitigate a vulnerability affecting data loss from a USB device if you add a technical control that limits the capability of users from writing data to a USB device. The threat of a user accidentally/ intentionally using a USB device to steal your data has now been mitigated and reduced. |
Threat Actions
The ultimate goal of the threat analysis is to identify threats so that action can be taken. There are four ways doing that.
Mitigate | Mitigation is used to lessen the impact of threats. This can be accomplished in many different ways, including adding additional security controls. Ex: The vulnerability, affecting data loss from a USB device cab be mitigated, technical controls are added that limits the capability of user writing data to a USB device. The threat of a user accidentally/ intentionally using a USB device to steal your data has now been mitigated and reduced. |
Eliminate | Vulnerabilities can be eliminated by correcting the issue that caused the vulnerability in the first place. Ex: An application is vulnerable because it uses client-side input sanitation controls. Well, since the user input should never be trusted, the sanitation should actually occur on server instead of client. If this change is made, the threat that a client-side input sanitation controls are bypassed by attacker have been eliminated. |
Transfer | A threat can be transferred by choice. Ex: You are running a shop and want to accept credit cards, If u choose to accept credit card yourself, u will need to ensure that u are protecting this data according to any laws & regulations that might exist. Instead you could transfer the threat that credit card data stolen by transferring to a third party. |
Accept | There may be situations that cause you to accept the risk that a threat poses. This could be due to the low impact were the threat to be realized, or it could be because you need to have a system or process in the place so that you can actually stay in the business Ex: You run a grocery store. You might use security controls like camera, RFID tags to prevent a majority of threat, however when you use these controls, the residual risk still remains. Although you have mitigated some portions of the damage, a threat could still remain, which would cause you have groceries stolen. In order to remain in business, you might have to accept that risk |