Threat modelling is a process aimed to identify potential threats to the system by mapping the assets, the types of attackers, and by other factors. The purpose of threat modelling is to provide the developers with the most likely attack vectors, and the assets most desired by an attacker. Threat modeling will help the developer know which assets he needs to protect and against what kind of threats. Threat modelling answers the questions “What and where are the assets?” “Where am I most vulnerable to attacks?” “What are the most relevant threats?” “Is there an attack vector that might go unnoticed?”
When developing a new system, it is not always clear what and where the sensitive assets that need to be protected are, which defense mechanisms should be implemented and at what level? A mapping of the assets and the threats will give you the ability to plan the defense mechanisms that should be applied and where to locate them.
Comsec provides a Threat Model customized to the client’s system. The document will describe the identified assets and the threat agents, allowing the countermeasures required to protect against those threats to be defined.