A threat analysis is a process used to determine which components of
the system need to be protected and the types of security risks
(threats) they should be protected from.
- identify assets that need protection
- imagine possible violation scenarios and describe their impact
- collect threats, identify exposure and exploitability
- calculate threat risk levels by combining likelihood and impact
- plan mitigation for threats with high risk
Identify system boundaries and describe the intended operational environment.
Illustrate with a context block diagram.
The goal is to collect system assets and fill in the impact matrix, which
describes the impact of a security property violation.
Basic tenets (CIA) or protection goals are:
- human health or environmental damage
- disruption of customer business
- breaches of legal or regulatory requirements
- breaches of contractual requirements
- loss of intellectual property, licence fraud
- loss of reputation, customer or market share
PROTECTED ASSETS AND SERVICES
- e.g. credentials, sensitive data, software IP, etc.
List hardware and software components, describe potential violation
scenarios for each protection goal, and assign an impact rating.
- violation scenarios per protection goal (C, I, A)
Threat and risk list
Describe attack scenarios:
- affected component
- attack description
- protection goal (confidentiality, integrity or availability)
- the associated type of attacker (malicious user, hacker, researcher, etc.)
- the related exploitable weakness and its exposure, exploitability/simplicity and impact
- the risk calculated from the properties of the weakness
- possible security measures, ideas
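As an added worked example (not part of these notes), a threat-list entry with the fields above as a Python record, with risk derived from likelihood and impact as in the process steps; the numeric scales, thresholds and sample entries are constructed assumptions, not values from the notes:

```python
from dataclasses import dataclass, field

@dataclass
class Threat:
    """One entry of the threat and risk list, with the fields the notes call for."""
    component: str       # affected component
    description: str     # attack scenario
    goal: str            # protection goal violated: "C", "I" or "A"
    attacker: str        # malicious user, hacker, researcher, ...
    weakness: str        # exploitable weakness
    exposure: int        # 1 = local/authenticated only .. 3 = reachable by anyone
    exploitability: int  # 1 = expert effort .. 3 = trivial
    impact: int          # 1 = minor .. 5 = human, environmental or legal harm
    measures: list = field(default_factory=list)   # possible security measures

    def likelihood(self) -> int:
        return self.exposure * self.exploitability   # assumed scale, 1..9

    def risk(self) -> int:
        return self.likelihood() * self.impact       # assumed scale, 1..45

def risk_level(score: int) -> str:
    # Assumed thresholds for the three risk levels.
    if score >= 30:
        return "high"
    return "medium" if score >= 12 else "low"

def prioritise(threats):
    """Threat list sorted by descending risk, so high-risk entries get mitigation first."""
    return sorted(threats, key=lambda t: t.risk(), reverse=True)

def needs_mitigation(threats):
    """Entries rated 'high'; these are the ones a mitigation must be planned for."""
    return [t for t in threats if risk_level(t.risk()) == "high"]

# Constructed sample threat list for a hypothetical device.
SAMPLE = [
    Threat("credential store", "local user reads service credentials", "C",
           "malicious user", "credentials kept in plaintext config file", 2, 3, 4,
           ["store secrets in OS keyring", "restrict file permissions"]),
    Threat("update service", "tampered firmware accepted at update", "I",
           "hacker", "update package not signature-checked", 3, 2, 5,
           ["sign updates and verify before install"]),
    Threat("status API", "request flood stalls monitoring", "A",
           "hacker", "no rate limiting on public endpoint", 3, 1, 2,
           ["rate limit", "separate monitoring channel"]),
]
```

Calling `prioritise(SAMPLE)` orders the entries by risk and `needs_mitigation(SAMPLE)` yields the ones that need a planned mitigation.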
Updated 02 January 2023