Rapid Threat Modeling - RTM

Threat modeling is a key security methodology we use to identify risks. This means the process maps business risks and focuses upon the threats posed by business goals.  It provides a guideline for security testing and a holistic view of system security and a defined approach to testing.

The objectives
Our Threat Modeling process includes the following steps:

• Understand organizational business objectives both strategic and tactical
• Understand organizational security architecture and requirements
• Identify the organizational profile and threat type
• Identify the objectives of an assessment
• Understand and prioritize risk
• Define key attack scenarios for testing
• Determine threat types for each attack scenario
• Attack Trees: mapping of technology to threats and vulnerabilities
• Identify Attack Depth
• Identify testable conditions that each attack requires to be successful
• Identify security assets
• Identify information assets encompassing the security architecture and their role
• Define the actual testing scope
• Provide a framework for ROI

RTM provides a repeatable, verifiable and consistent threat modeling process that can be directly applied to the objectives of penetration testing and vulnerability assessment. It allows scoping of the proposed testing to be done accurately and efficiently allowing the formation of specific attack teams and resources.

This allows the employment of comprehensive, complex and effective multi-stage, multi-phase, systematic attacks that align directly with the in-scope systems and their threat. It also allows the formation of expected results for testing.

We work with our clients to produce a realistic threat model that is based upon unique client needs, goals and objectives. Threat models are especially valuable as a tool to understand the security of mechanisms you depend on.

The threat modeling process yields a complete system security model that is used to craft an actionable test and assessment plan for security auditing and testing. Effective threat modeling requires security proficiency and expertise as well as intimate knowledge of the impact of exploits and how they can affect your infrastructure and information assets.

We work closely with your team to drive and explain the process.  We identify the actual, testable conditions each attack requires to be successful and provide perspective to ensure we identify the potential and tangible range of threats your infrastructure faces.