Cybersecurity Threat Modeling

Threat modeling is the process of identifying, analyzing and categorizing threats.

List of Cybersecurity Threat Models

Cybersecurity Threat Models featured on this post:

  • MITRE ATT&CK
  • STRIDE
  • PASTA
  • VAST
  • Diamond Model of Intrusion Attack

The most popular is MITRE ATT&CK.

MITRE ATT&CK

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Matrix is both a threat model for classifying the nature of threats and a knowledge base that reflects the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

It can help to integrate both internally created intelligence and external threat feed data.

The Cyber Kill Chain consists of these steps:

  1. Recon
  2. Weaponize
  3. Deliver
  4. Exploit
  5. Execute
  6. Control
  7. Maintain

In addition to being a model, MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

It is broadly accepted by threat modeling and threat intelligence organizations and is used as the default model in many software packages and tools.

MITRE ATT&CK official website

STRIDE

STRIDE is a threat model for classifying the nature of threats.

It was developed by the American company Microsoft.

STRIDE is an acronym that stands for the different threat categories it considers:

  1. Spoofing
  2. Tampering
  3. Repudiation
  4. Information Disclosure
  5. Denial of Service (DoS)
  6. Escalation of Privileges

Official website

PASTA

Process for Attack Simulation and Threat Analysis (PASTA) is designed to help with countermeasure selection in relation to the assets to be protected.

It was created by Tony Uceda Vélez and Marco M. Morana from the American company VerSprite.

PASTA stages:

  1. Definition of objectives (DO) for the analysis of risks
  2. Definition of the technical scope (TS)
  3. Application decomposition and analysis (ADA)
  4. Threat analysis (TA)
  5. Weakness and Vulnerability analysis (WVA)
  6. Attack modeling & simulation (AMS)
  7. Risk analysis & management (RAM)

PASTA official website

VAST

Visual, Agile, and Simple Threat (VAST) integrates threat and risk management into an Agile programming environment on a scalable basis.

Diamond Model of Intrusion Attack

The Diamond Model of Intrusion Attack addresses how to think about intrusions, without addressing broader threats.

You can read more about it on this external link.


