The purpose of a threat analysis is to identify the assets
within a system that require protection and to determine the
types of threats they need to be safeguarded against.
The process includes the following steps:
identify assets which need protection
imagine possible violation scenarios and describe the
impact
collect threats, identify exposure and exploitability
calculate threat risk levels by combining likelihood and
impact
plan mitigation for threats with high risk
System modeling
Describe the system’s intended operational environment.
Illustrate with a context block diagram. Identify system
boundaries and create a list of assets that may need
protection.
Impact modeling
The goal is to collect the system's assets and fill in the impact
matrix, which describes the impact of violating each security property.
Basic tenets (CIA) or protection goals are:
confidentiality
integrity
availability
IMPACT CATEGORIES
human health or environmental damage
disruption of customer business
breaches of legal or regulatory requirements
breaches of contractual requirements
loss of intellectual property, licence fraud
loss of reputation, customer or market share
IMPACT SCALE
disastrous
critical
moderate
negligible
PROTECTION GOALS
confidentiality
integrity
availability
PROTECTED ASSETS AND SERVICES
e.g. credentials, sensitive data, software IP, etc.
Component description
List the hardware and software components; for each one, describe
potential violation scenarios per protection goal and assign an
impact rating.
component
description
violation scenarios - CIA
Threat and risk list
Describe attack scenarios:
affected component
attack description
protection goal (confidentiality, integrity or
availability)
the associated type of attacker (malicious user, hacker,
researcher, etc.)
the related exploitable weakness and its exposure,
exploitability/simplicity and impact
the risk calculated from the properties of the
weakness
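The process steps above (collect threats, rate exposure and exploitability, combine likelihood and impact into a risk level, plan mitigation for high-risk threats) and the threat-and-risk list fields just listed can be carried through in code. The following is an added example, not part of the original notes: it encodes a threat list entry with the fields named above and scores it. The notes do not give numeric scales, so the scales, the likelihood = exposure x exploitability rule, the risk = likelihood x impact rule and the high/medium thresholds are assumptions chosen for illustration, and the sample entries describe a hypothetical device and are constructed.

```python
# Added example, not part of the original notes. Encodes a threat-and-risk
# list and scores each entry by combining likelihood and impact.
# Assumed scales (the notes name the steps but give no numbers):
#   exposure, exploitability : low=1, medium=2, high=3
#   likelihood               = exposure * exploitability          (1..9)
#   impact                   : negligible=1, moderate=2, critical=3, disastrous=4
#   risk score               = likelihood * impact                 (1..36)
#   risk level               : high if >= 18, medium if >= 8, else low
from dataclasses import dataclass
from enum import Enum


class Goal(Enum):
    CONFIDENTIALITY = "confidentiality"
    INTEGRITY = "integrity"
    AVAILABILITY = "availability"


LEVEL = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"negligible": 1, "moderate": 2, "critical": 3, "disastrous": 4}
HIGH_RISK, MEDIUM_RISK = 18, 8   # assumed thresholds on the 1..36 score


@dataclass(frozen=True)
class Threat:
    component: str
    attack: str
    goal: Goal
    attacker: str          # malicious user, hacker, researcher, ...
    weakness: str
    exposure: str          # low / medium / high
    exploitability: str    # low / medium / high
    impact: str            # negligible / moderate / critical / disastrous

    def __post_init__(self):
        # Reject values outside the agreed scales so a typo in the list
        # cannot silently produce a wrong or missing risk rating.
        for name, table in (("exposure", LEVEL), ("exploitability", LEVEL), ("impact", IMPACT)):
            if getattr(self, name) not in table:
                raise ValueError(f"{name}={getattr(self, name)!r} not in {sorted(table)}")


def likelihood(t: Threat) -> int:
    return LEVEL[t.exposure] * LEVEL[t.exploitability]


def risk_score(t: Threat) -> int:
    return likelihood(t) * IMPACT[t.impact]


def risk_level(score: int) -> str:
    if score >= HIGH_RISK:
        return "high"
    if score >= MEDIUM_RISK:
        return "medium"
    return "low"


def ranked(threats):
    """Threat list ordered from highest to lowest risk score."""
    return sorted(threats, key=risk_score, reverse=True)


def needs_mitigation(threats):
    """Entries rated high risk; these are the ones that get a mitigation plan."""
    return [t for t in threats if risk_level(risk_score(t)) == "high"]


# Constructed sample entries for a hypothetical connected device.
SAMPLE_THREATS = [
    Threat("update service", "unsigned firmware image accepted over the network",
           Goal.INTEGRITY, "hacker", "missing image signature check",
           exposure="high", exploitability="high", impact="critical"),
    Threat("credential store", "keys read out over a debug port",
           Goal.CONFIDENTIALITY, "researcher", "keys stored in plaintext flash",
           exposure="low", exploitability="medium", impact="disastrous"),
    Threat("status web page", "request flood",
           Goal.AVAILABILITY, "malicious user", "no request rate limit",
           exposure="medium", exploitability="low", impact="negligible"),
]


def report(threats):
    """One text line per threat: level, score, component, goal, attack."""
    lines = []
    for t in ranked(threats):
        s = risk_score(t)
        lines.append(f"{risk_level(s):6} {s:2}  {t.component:17} {t.goal.value:15} {t.attack}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_THREATS)))
    print("mitigate:", [t.component for t in needs_mitigation(SAMPLE_THREATS)])
```

The point of the validation in `__post_init__` is that a risk list is only as good as its ratings; an entry with an unrecognised scale value should fail loudly rather than drop out of the ranking. The multiplicative rule is one common choice; a team may instead use a lookup matrix, but whatever rule is chosen should be written down next to the list so two reviewers rate the same weakness the same way.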