By taking a broader, more expansive view of threat modeling, organizations can consider the whole picture of their security strategy and improve efficiency. Threat modeling is a systematic approach to finding, prioritizing and fixing security threats, but it can be much more. It invites an exercise in systematic collaborative thinking, and as such its benefits go beyond tangible security fixes.
There are many great approaches to threat modeling, the taxonomy and descriptions of which are beyond the scope of this article. Simply put, the standard approach to threat modeling involves listing possible threats (along with possible threat actors, including employees), ranking them according to probability of exploitation and cost to the organization based on an understanding of the organization’s hackable assets and associating the highest-priority threats with the best actions that could protect against them.
Potential Benefits of Threat Modeling
1. It educates and informs all involved. Threat modeling done right brings together security teams, operations and developers to minimize vulnerability to cyber attacks. This is a learning exercise for everyone.
2. It helps with budgeting.The practice of threat modeling involves prioritizing threats and estimating their cost to the organization, as well as identifying the protections against those threats. That provides powerful data for the cost-benefit analysis in the budgeting process.
3. It’s a communication process and results in further tools for communication. Through the ongoing collaboration needed among leaders on the problems and specifics of threat modeling, each leader learns from the others. They all gain experience in developing a set of documents for the communication of security practices for the whole organization. Threat modeling produces action plans. It also produces educational materials.
4. It helps the whole business by encouraging a re-consideration of how the business operates. Threats and targets are always changing, and so threat management must also evolve. The output of a threat modeling system is a series of ‘living documents’ which need to be constantly updated and reassessed. This process also clarifies how the whole business operates, and can inform improvements over time.
5. It’s a prioritization exercise for not only threat mitigation, but also app development. Threat modeling can be the glue that connects development, security and operations. The leaders of all DevSecOps silos are brought together to solve problems together.
6. It guides new application development. Sometimes the best way to fix a massive vulnerability is to scrap an app and build a new one, this time with security baked in.
7. It helps the organization choose products, services and platforms. Threat modeling gets everyone focused on security. This informs the selection of hardware, software, services and platforms. That’s one of the payoffs of the culture of security that can result from ongoing threat modeling.
Three Ways to Take a Holistic Approach
In general, a holistic approach involves as many people in the organization as possible. Here’s how to do it:
1. Take a more inclusive approach to threat modeling. Recruit not only technology leaders, but business and operational leaders into the process.
2. Set up a communication center. Ongoing communication of threat modeling information will help employees make better decisions about security. Those informed employees can also provide input into future threat modeling actions.
3. Develop a clear set of primary objectives based on threat modeling priorities. Share these with service providers, consultants, partners, suppliers or anyone else who can contribute to the achievement of your security goals.
It’s time to not only to embrace the practice of threat modeling, but also to take a holistic approach to the practice and reap the many benefits beyond specific security measures. It’s time to create a culture of security through threat modeling.