Cyber Threat Modelling
As well as preparing a threat model for a new conceptual model I am developing for my research, I was recently asked to give an overview of how threat modelling can assist in architectural and design processes. The request was for a video presentation and so I had two requirements to revisit this topic. Time for revision!
So this post is a landing page for my unlisted YouTube video and useful links I might need to reference. In other words, more useful to me than anyone else who ends up here on their travels!
The video covers:
- What is threat modelling?
- What is it used for and why do it?
- What is the link between threat intelligence and threat modelling?
- What is the relationship between threat modelling and risk assessment?
- Example
- Emerging uses, techniques and tools
- References & resources
Links and resources:
Link between TM and Risk:
https://www2.cso.com.au/article/664928/link-between-threat-modelling-risk-management/
Microsoft tooling:
https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool
Learning TM:
https://medium.com/@roberthurlbut/learning-about-threat-modeling-3f6811e7520c
https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf
OWASP Application Threat Modelling
https://owasp.org/www-community/Application_Threat_Modeling
CIS Benchmarks
https://www.cisecurity.org/cis-benchmarks/
STRIDE Threat Modelling with Examples
https://www2.slideshare.net/GirindroPringgoDigdo/threat-modeling-using-stride?from_action=save
Adam Shostack
https://adam.shostack.org/blog/category/threat-modeling/