{"id":378,"date":"2020-12-04T17:41:21","date_gmt":"2020-12-04T17:41:21","guid":{"rendered":"https:\/\/www.cybermosaic.co.uk\/?p=378"},"modified":"2021-03-28T17:44:58","modified_gmt":"2021-03-28T17:44:58","slug":"cyber-threat-modelling","status":"publish","type":"post","link":"https:\/\/www.cybermosaic.co.uk\/?p=378","title":{"rendered":"Cyber Threat Modelling"},"content":{"rendered":"<p>As well as preparing a threat model for a new conceptual model I am developing for my research, I was recently asked to give an overview of how threat modelling can assist in architectural and design processes.\u00a0The request was for a video presentation and so I had two requirements to revisit this topic. Time for revision!<\/p>\n<p>So this post is a landing page for my unlisted YouTube video and useful links I might need to reference. In other words, more useful to me than anyone else who ends up here on their travels!<\/p>\n<p>The video covers:<\/p>\n<ul>\n<li>What is threat modelling?<\/li>\n<li>What is it used for and why do it?<\/li>\n<li>What is the link between threat intelligence and threat modelling?<\/li>\n<li>What is the relationship between threat modelling and risk assessment?<\/li>\n<li>Example<\/li>\n<li>Emerging uses, techniques and tools<\/li>\n<li>References &amp; resources<\/li>\n<\/ul>\n<p><iframe title=\"TM Presentation v05\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/HYnQhtMcLpc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture\" allowfullscreen><\/iframe><\/p>\n<p>Links and resources:<\/p>\n<p>Link between TM and Risk:<\/p>\n<p><a href=\"https:\/\/www2.cso.com.au\/article\/664928\/link-between-threat-modelling-risk-management\/\">https:\/\/www2.cso.com.au\/article\/664928\/link-between-threat-modelling-risk-management\/<\/a><\/p>\n<p>Microsoft tooling:<\/p>\n<p><a href=\"https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/threatmodeling\">https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/threatmodeling<\/a><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool\">https:\/\/docs.microsoft.com\/en-us\/azure\/security\/develop\/threat-modeling-tool<\/a><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/archive\/msdn-magazine\/2009\/january\/security-briefs-getting-started-with-the-sdl-threat-modeling-tool\">https:\/\/docs.microsoft.com\/en-us\/archive\/msdn-magazine\/2009\/january\/security-briefs-getting-started-with-the-sdl-threat-modeling-tool<\/a><\/p>\n<p>Learning TM:<\/p>\n<p><a href=\"https:\/\/medium.com\/@roberthurlbut\/learning-about-threat-modeling-3f6811e7520c\">https:\/\/medium.com\/@roberthurlbut\/learning-about-threat-modeling-3f6811e7520c<\/a><\/p>\n<p><a href=\"https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1174-ngci-cyber-threat-modeling.pdf\">https:\/\/www.mitre.org\/sites\/default\/files\/publications\/pr_18-1174-ngci-cyber-threat-modeling.pdf<\/a><\/p>\n<p>OWASP Application Threat Modelling<\/p>\n<p><a href=\"https:\/\/owasp.org\/www-community\/Application_Threat_Modeling\">https:\/\/owasp.org\/www-community\/Application_Threat_Modeling<\/a><\/p>\n<p>CIS Benchmarks<\/p>\n<p><a href=\"https:\/\/www.cisecurity.org\/cis-benchmarks\/\">https:\/\/www.cisecurity.org\/cis-benchmarks\/<\/a><\/p>\n<p>STRIDE Threat Modelling with Examples<\/p>\n<p><a href=\"https:\/\/www2.slideshare.net\/GirindroPringgoDigdo\/threat-modeling-using-stride?from_action=save\">https:\/\/www2.slideshare.net\/GirindroPringgoDigdo\/threat-modeling-using-stride?from_action=save<\/a><\/p>\n<p>Adam Shostack<\/p>\n<p><a href=\"https:\/\/adam.shostack.org\/blog\/category\/threat-modeling\/\">https:\/\/adam.shostack.org\/blog\/category\/threat-modeling\/<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As well as preparing a threat model for a new conceptual model I am developing for my research, I was recently asked to give an overview of how threat modelling can assist in architectural and design processes.\u00a0The request was for a video presentation and so I had two requirements to revisit this topic. Time for [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6],"tags":[22],"class_list":["post-378","post","type-post","status-publish","format-standard","hentry","category-sec","tag-threat-modelling"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/378","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=378"}],"version-history":[{"count":2,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/378\/revisions"}],"predecessor-version":[{"id":380,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/378\/revisions\/380"}],"wp:attachment":[{"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=378"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=378"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybermosaic.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=378"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}