Threat modelling is a process aimed for identifying potential threats to the system by mapping the assets, the types of attackers, and by other factors. The purpose of threat modelling is to provide the developers the most likely attack vectors, and the assets most desired by an attacker. The threat modeling will assist the developer to know about what assets he need to protect and against what kind of threats. Threat modelling answers the questions “What and where are the assets?” “Where am I most vulnerable to attacks?” “What are the most relevant threats?” “Is there an attack vector that might go unnoticed?”
When developing a new system, it is not always clear what and where the sensitive assets that need to be protected, which defense mechanisms should be implemented and at which level? A mapping of the assets and the threats will give you the ability to plan the defense mechanisms that should be applied and where to locate them.
Comsec provide a Threat Model customized to the System of a client. The document will describe the identified assets and the threat agents, therefore allowing the countermeasure that are required to protect against those threats to be defined.