Integrating insights from threat modelling into your risk assessments enhances your security by helping you get a better view of your risks. While threat modelling is highly effective for helping to secure software systems, it is not as commonly used in broader risk assessments due to its specialised nature and focus on technical threats within software development.
Threat modelling and risk assessment are complementary practices in cybersecurity. Each approach offers specific insights and benefits. Put them together and they provide a full understanding of security issues and ways to solve them.
How does threat modelling make risk assessments better?
I find threat modelling helpful when I do risk assessments. It significantly helped me to examine technical properties and design thoroughly, covering all key threats. Without threat modelling, I might have missed some important things. Threat modelling fits well with the approach in the international standard for risk management (ISO 31000:2018). Specifically, I find that threat modeling helps me in the risk identification, analysis, and evaluation phases of ISO 31000:2018. Threat modeling helps me find concrete risk examples. I then use these examples in workshops which helps my stakeholders understand the risks effectively.
Source: Adapted from ISO 31000:2018 Risk Management
STRIDE threat model framework in risk assessments
My preferred approach to threat modelling is STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege). Each letter in the acronym describes a specific type of threat that can exploit vulnerabilities in a system. In my experience during a risk assessment, applying STRIDE helps in systematically identifying potential threats that could impact the confidentiality, integrity, and availability of data and systems.
Incorporating STRIDE threat modeling into the risk assessment process enriches the development of risk scenarios. These scenarios illustrate how each identified threat could manifest in real-world situations, helping in better understanding and communication of risks to stakeholders. While assessing risks in an HR system, I found understanding different threat types very helpful. For example, the spoofing threat category helped me identify ways attackers could impersonate users. I find the Microsoft STRIDE threat modeling tool very helpful because it automatically generates threats when I draw data flow diagrams. My view is that, although it will take some initial effort, integrating threat modeling into risk assessments is worthwhile, as it greatly helps in securing systems.
If you want to know more about threat modelling or want to get some help about threat modelling please contact us.