What do you need to be worried about?
A Threat Model is a fancy word for understanding the security context your applications runs in. Building a threat model can be simple, or extremely complex - depending on how far you want to go with it.
How does it work?
An organization can build its own simplistic threat model by asking itself questions like:
- What types of data are used by the system or organization and how valuable are they?
- Who might have an interest in attacking the system or organization?
- What is the attack surface of the system? What can we see online externally? What about internally?
- What countermeasures do we have in place?
The model is a living thing.
As an organization matures, the threat model may become increasingly detailed - defining branches of an attack tree. How far the model needs to go depends on how it is going to be used by the organization.
A threat model should ideally be a living model that gets updated as systems, resources and data change. In some ways, it is like the compass that can be used to determine what direction a security initiative should go or how deep to go with a security control.
Who should be interested?
Organizations wishing to pro-actively build a justification for their their long term security investments.
What does it cost?
A threat model is done in a consulting engagement requiring anywhere from a day to several weeks - depending on how detailed the model is and what data inputs the customer has access to feed into it.
Note that simple threat modeling is implied for certain other types of work - like a security code review.
Jemurai provides a number of security services, including pure manual security code review, security architecture review, application scanning and testing and can engage with organizations to develop security programs and build security into their SDLC.