Practical Threat Analysis in-depth
Part 1: The State of Threat Analysis

Welcome to Practical Threat Analysis (PTA), a calculative threat modeling and risk assessment methodology that assists security consultants and analysts in assessing system risks and building the most effective risk reduction policy for their systems.

What is threat analysis?
Threat analysis identifies threats and defines the most cost-effective risk mitigation policy for a specific system architecture, functionality and configuration. It involves mapping assets, modeling threats and building a mitigation plan that lowers system risk to a minimal, acceptable level. The risk mitigation plan is composed of the countermeasures considered most effective against the identified threats.

When should threat analysis be initiated?
Threat analysis is required for:
- Customized application solutions built on several standard products, as well as enterprise legacy systems.
- All other cases where "as-is" implementation of pre-compiled compliance checklists provided by vendors or security standards committees is insufficient or not practical.

The problem
Systems development and deployment are always constrained by some combination of budget, time and resources, and threat analysis usually ends up as a task to be done "later". Since threat analysis is a skill most developers and integrators lack, the result is that the threat analysis task ends up being done "never".

What are the existing tools?
Word-Processor + Spreadsheet Documents – By using these popular tools, the analyst has the freedom to describe threats and vulnerabilities and to express her analytical judgement in a free format, with no restrictions dictated by the tool. However, the overhead of data management and of the calculation tasks is very high, because these tools have no built-in ability to represent the interrelations between entities or to dynamically alter the threat model. In reality the data model required for threat analysis is far beyond the capabilities of word processors and spreadsheet programs. In addition, most of these solutions also lack the necessary reporting functionality.

Checklist-Based Tools – These tools provide pre-defined sets of security recommendations that are used as compliance checklists. This approach may work for standard applications where all possible security issues are known in advance. Most of these tools have reporting capabilities and usually come in two flavors:
Since this type of tool is based on lists of general-purpose standard countermeasures, its output is in most cases trivial. Such tools are not flexible in supporting and encouraging the analyst to create new threat scenarios specific to her application and to find the mitigations that are most effective for her particular system.

Threat Modeling Tools – Microsoft's tool combines Schneier's attack-trees methodology with the standard Microsoft threat classification scheme and has four important limitations:
The solution
By using Practical Threat Analysis, risk assessment models and mitigation policies can be built quickly and without endangering the project's schedule. Compliance knowledge is transformed into prioritized, cost-effective countermeasures; system-specific know-how is retained, shared and maintained within the organization; and senior management has full transparency into system risk and the business considerations behind it.
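To make concrete what "interrelations between entities" and "prioritized cost-effective countermeasures" mean in a calculative threat model, the following is an added example written for this page; it is not PTA's own code, and the formulas it uses (threat risk = probability x sum of asset value x damage fraction; residual risk after countermeasures = threat risk x product of (1 - mitigation fraction); cost-effectiveness = risk removed / cost) are a common simplification chosen for illustration, not necessarily the ones PTA defines in part 2. The assets, threats, probabilities and costs are constructed sample data. The point it shows is the part a spreadsheet struggles with: assets, threats and countermeasures are linked many-to-many, and changing any one figure or applying any countermeasure re-ranks the whole plan.

```python
"""Illustrative threat-model data model with risk recalculation and a
cost-effectiveness-driven mitigation plan.  Added example, not PTA's code;
all formulas and sample figures are assumptions made for illustration."""
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Asset:
    name: str
    value: float          # loss if the asset is fully compromised


@dataclass(frozen=True)
class Threat:
    name: str
    probability: float    # likelihood of occurrence in the assessment period
    damage: dict          # asset name -> fraction of asset value lost (0..1)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    cost: float
    mitigation: dict      # threat name -> fraction of that threat's risk removed (0..1)


@dataclass
class ThreatModel:
    assets: dict          # name -> Asset
    threats: dict         # name -> Threat
    countermeasures: dict # name -> Countermeasure

    def threat_risk(self, threat_name):
        """Unmitigated risk of one threat across every asset it damages."""
        t = self.threats[threat_name]
        return t.probability * sum(self.assets[a].value * frac for a, frac in t.damage.items())

    def residual_risk(self, applied):
        """Total system risk once the named countermeasures are in place.
        A countermeasure that lists several threats reduces each of them."""
        total = 0.0
        for name in self.threats:
            factor = prod(1 - self.countermeasures[c].mitigation.get(name, 0.0) for c in applied)
            total += self.threat_risk(name) * factor
        return total

    def build_plan(self, budget):
        """Greedy plan: repeatedly add the affordable countermeasure with the best
        ratio of risk removed to cost, re-evaluating all ratios after each pick
        (a countermeasure becomes less valuable once another one has already
        covered the same threat).  Returns (applied names, spent, residual risk)."""
        applied, spent = [], 0.0
        while True:
            current = self.residual_risk(applied)
            best, best_ratio = None, 0.0
            for cm in self.countermeasures.values():
                if cm.name in applied or spent + cm.cost > budget:
                    continue
                removed = current - self.residual_risk(applied + [cm.name])
                ratio = removed / cm.cost
                if ratio > best_ratio:
                    best, best_ratio = cm, ratio
            if best is None:          # nothing affordable still reduces risk
                return applied, spent, current
            applied.append(best.name)
            spent += best.cost


def sample_model():
    """Constructed sample data for a small web application (not a real system)."""
    assets = [Asset("Customer DB", 500_000), Asset("Web server", 50_000)]
    threats = [
        Threat("SQL injection", 0.3, {"Customer DB": 0.8, "Web server": 0.2}),
        Threat("DDoS", 0.5, {"Web server": 1.0}),
        Threat("Stolen admin credentials", 0.1, {"Customer DB": 1.0, "Web server": 1.0}),
    ]
    cms = [
        Countermeasure("Parameterized queries", 20_000, {"SQL injection": 0.9}),
        Countermeasure("Web application firewall", 30_000, {"SQL injection": 0.5, "DDoS": 0.3}),
        Countermeasure("MFA for admins", 10_000, {"Stolen admin credentials": 0.8}),
        Countermeasure("DDoS scrubbing service", 40_000, {"DDoS": 0.9}),
    ]
    return ThreatModel({a.name: a for a in assets},
                       {t.name: t for t in threats},
                       {c.name: c for c in cms})


if __name__ == "__main__":
    model = sample_model()
    print(f"Unmitigated risk: {model.residual_risk([]):,.0f}")
    plan, spent, residual = model.build_plan(budget=60_000)
    print(f"Plan within budget: {plan} (cost {spent:,.0f}), residual risk {residual:,.0f}")
```

Run it and the sample plan picks parameterized queries first (by far the best ratio), then MFA, then the WAF; the scrubbing service never fits the remaining budget. Change the probability of a single threat or the value of one asset and the ordering can flip, which is exactly the dynamic recalculation a static spreadsheet or checklist does not give the analyst.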
Next (part 2): PTA Methodology, Terminology and Definitions