(Useful naming conventions and bootstrap tips aggregated from the PTA FAQ page)
By Menachem Lidor - PTA Support
1. Use a PTA sample project as a starting point
When initiating your first threat model, it may be productive to use one
of the PTA sample models as a baseline. The sample PTA threat models reside
in the Samples folder under the installation root folder
(C:\Program File\PTA\Samples if you have chosen the default installation
value at install time).
My recommended sample is the Currency Rates threat
model since it is relatively simple yet comprehensive enough to serve as a
starting point. Open the sample's
CurrencyRates.thm file using the
File | Open PTA Project dialog. Then save
the project under a new name (preferably in a dedicated working
folder) by using the File | Save As option.
It is also worth updating the new project's properties by using the
Set Project Properties link from
File | Project Properties.
A popular approach for a first model is to use the
sample's threat model entities (assets, threats, vulnerabilities etc.) as a
baseline for alteration, replacement and editing. Best practice is to edit
the entities' text fields and enter your own titles and descriptions
in place of the existing ones. More on that is given in tip number 3.
2. Organise the relevant Risk Assessment documents
The PTA Professional Edition tool supports binding of additional
unstructured information as Attachments | Documents
which are relevant to the threat analysis and risk assessment process. It is
recommended that you organize the needed documents (security notes,
standards specifications, development details, design schemes, operational
workflow, relevant regulations, liability considerations, HR data etc.) and put
them in your new project folder from day one. The documents can later be
attached to the relevant model entities and help you in validating your
model parameters.
3. Syntax Naming Conventions for the Titles of the Threat Model Entities
Assets - define your assets as
Nouns - they are the ones that when damaged you’ll feel the blow e.g.
“The availability of the company’s Web site” (if the site is down you lose
money!).
Countermeasures are mitigating activities, either corrective or
preventive. That is why each countermeasure title should contain a Verb
e.g. “Install and configure a firewall”.
Vulnerabilities are those static weaknesses, limitations or defects
in your system that are waiting to be exploited, therefore their titles
should have a Static descriptive nature e.g. “The Web server is
vulnerable to access from the Internet”.
Threats are attack scenarios that exploit vulnerabilities to damage
assets. From our experience, when a threat is formulated in a "literary" way
- a simple Story - it is easier for a non-technical audience to
grasp it (and approve the budget…;-). It helps if the
potential attackers and the attack entry points are part of the threat
title e.g. “A hacker damages the company’s Web site pages by exploiting the
fact that the Web server is exposed to the Internet”.
4. Start with a simple workflow when entering your threat model entities
Keep it simple - The following recipe may look a
little counter-intuitive but if you follow the data entry order it will save
you grief.
a) - Define your assets.
b) - Define countermeasures.
c) - Define vulnerabilities.
d) - Assign countermeasures to each vulnerability. The associated
countermeasures should be those that reduce the chances that the
vulnerability will be exploited.
e) - Define threats as attack scenarios that exploit vulnerabilities to
damage assets. Note that a threat in the PTA model is a specific
scenario or a sequence of actions that exploits a given set of
vulnerabilities (one or more) and may cause damage to a given set of the system’s assets
(one or more). The important point here is that the threat
scenario is bundled with the set of assets it threatens as well as with the
set of vulnerabilities it exploits.
Repeat the process until you're satisfied with the results.
5. Do not struggle with Assets Monetary Values, Threats Probabilities, Levels of Damage and all other quantitative parameters
Measuring the value of assets in monetary terms is
one of the most important issues in the PTA calculative foundation. The same is
true when estimating the probability that a threat will materialize
(presented in PTA by the traditional ARO - Annual Rate of Occurrence
parameter). Assigning dollar values and probabilities is non-trivial,
educated guesswork which depends heavily on the existence and quality of
historical data. This also applies to all other quantitative parameters such
as Levels of Damage, Levels of Mitigation and the like, needed for the proper
functioning of the PTA calculative threat modeling methods.
My tip: do not struggle with these issues on your first session. Since
monetary values, threats' probabilities and all other parameters can be
easily changed and the whole model is updated automatically, you may
establish the preliminary threat model by entering roughly estimated values
and then refine them according to more accurate data gathered along the risk
assessment feedback process.
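The entity structure from tip 4 and the rough-estimate approach from tip 5, as an added Python example (not PTA code and not PTA's own calculation). The risk formula, the 0-to-1 mitigation scale, the independence of countermeasures and all figures are simplifying assumptions constructed for illustration; the titles reuse the examples from tip 3.

```python
from dataclasses import dataclass, field
from math import prod

@dataclass
class Asset:
    title: str
    value: float                      # monetary value; a rough first guess is fine

@dataclass
class Countermeasure:
    title: str
    mitigation: float                 # assumed scale: 0 = no effect, 1 = fully blocks
    implemented: bool = False

@dataclass
class Vulnerability:
    title: str
    countermeasures: list = field(default_factory=list)   # assigned in step d

@dataclass
class Threat:
    title: str
    aro: float                        # Annual Rate of Occurrence
    damage: dict                      # asset title -> level of damage, 0..1
    vulnerabilities: list             # the set this scenario exploits

def exposure(vuln):
    """Share of exploit likelihood left after implemented countermeasures."""
    return prod(1 - c.mitigation for c in vuln.countermeasures if c.implemented)

def annual_risk(threat, assets):
    """Assumed formula: ARO x sum(asset value x damage) x residual exposure."""
    loss = sum(assets[t].value * level for t, level in threat.damage.items())
    return threat.aro * loss * prod(exposure(v) for v in threat.vulnerabilities)

def unmitigated(vulns):
    """Vulnerabilities that still have no countermeasure assigned (step d)."""
    return [v.title for v in vulns if not v.countermeasures]

def build_sample():
    """Constructed figures; titles follow the naming conventions in tip 3."""
    site = Asset("The availability of the company's Web site", 100_000)
    fw = Countermeasure("Install and configure a firewall", mitigation=0.75)
    exposed = Vulnerability("The Web server is vulnerable to access from the Internet", [fw])
    threat = Threat("A hacker damages the company's Web site pages", aro=2.0,
                    damage={site.title: 0.5}, vulnerabilities=[exposed])
    return {site.title: site}, fw, exposed, threat
```

Because the threat holds references to its assets and vulnerabilities, changing one estimate (an asset value, the ARO, a mitigation level) changes every figure derived from it on the next calculation.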
6. Produce Reports as early as possible
Use the PTA reporting system for producing reports even at a preliminary
stage of data entry and do not postpone it to later stages. Looking at the
reports and analysis outputs may draw your attention to difficulties in the
threat model and interrelations between entities at an early stage of the
threat model building process.