Practical Threat Analysis in-depth

Part 1: The State of Threat Analysis

Welcome to Practical Threat Analysis (PTA), a calculative threat modeling methodology and software technology that assists security consultants and analysts in assessing system risks and building the most effective risk reduction policy for their systems.

What is practical threat analysis?

Threat analysis identifies threats and defines the most cost-effective risk mitigation policy for a specific system architecture, functionality and configuration. It involves mapping assets, modeling threats and building a mitigation plan that lowers system risk to a minimal, acceptable level. The risk mitigation plan is composed of the countermeasures considered most effective against the identified threats.

When should threat analysis be initiated?

Threat analysis is required for:
- Customized application solutions built on standard products.
- All other cases where "as-is" implementation of pre-compiled compliance checklists provided by vendors or security standards committees is insufficient or not practical.

The problem

Systems development is always constrained by some combination of budget, time and resources, and threat analysis usually ends up as a task to be done "later". Since threat analysis is a skill most developers and managers lack, the result is that the threat analysis task is done "never".

The solution

By using Practical Threat Analysis, risk assessment models and mitigation policies can be built quickly and without endangering the project's schedule. Compliance knowledge is transformed into prioritized, cost-effective countermeasures; system-specific know-how is retained, shared and maintained within the organization; and senior management has full transparency into system risk and business considerations.

What are the existing tools?

Word-Processor + Spreadsheet Documents – The analyst has the freedom to describe threats and vulnerabilities and to express her analytical judgement in a free format, with no restrictions dictated by the tool. However, the overhead of data management and calculation is very high, because there is no built-in ability to represent the interrelations between entities or to dynamically alter the threat model. In reality, the data model required for threat analysis is far beyond the capabilities of spreadsheet programs. In addition, most of these solutions also lack the necessary reporting functionality.

Checklist-Based Tools – These tools provide pre-defined sets of security recommendations that are used as compliance checklists. This approach may work for standard applications where all possible security issues are known in advance. Most of these tools have reporting capabilities and usually come in two flavors:

Since this type of tool is based on lists of general-purpose standard countermeasures, their output is in most cases trivial. They are not flexible in supporting and encouraging the analyst to create new threat scenarios that are specific to her application.

Threat Modeling Tools – Microsoft's tool combines Schneier's attack-trees methodology with the standard Microsoft threat classification scheme and has four important limitations:
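The page describes threat analysis as a calculative process: map assets, model threats, then pick the countermeasures that buy the most risk reduction per unit of cost. The toy model below is an added example written for this page; it is not the PTA tool's code and does not reproduce PTA's own risk formulas. It assumes a simple expected-loss model (risk = probability × damage fraction × value of the affected assets), assumes a countermeasure removes a stated fraction of a threat's probability (several on one threat compose multiplicatively), and builds the plan greedily by best risk reduction per unit cost within a budget until residual risk drops under an acceptable level. All asset, threat and countermeasure names and figures are constructed.

```python
"""Toy calculative threat model (constructed illustration, not PTA's formulas).

Assumed model:
  risk(threat)   = probability * damage_factor * value of the affected assets
  countermeasure = removes a stated fraction of a threat's probability;
                   several countermeasures on one threat compose multiplicatively
  plan           = greedy pick of best risk reduction per unit cost, within
                   budget, until residual risk is under the acceptable level
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    value: float           # monetary value at stake (constructed figure)


@dataclass
class Threat:
    name: str
    probability: float     # likelihood over the assessment period, 0..1
    damage_factor: float   # fraction of the affected assets' value lost, 0..1
    assets: tuple          # names of the assets this threat affects


@dataclass
class Countermeasure:
    name: str
    cost: float
    mitigates: dict        # threat name -> fraction of its probability removed


def threat_risk(threat, assets, residual_factor=1.0):
    """Expected loss from one threat after the given mitigation factor."""
    exposed_value = sum(assets[a].value for a in threat.assets)
    return threat.probability * residual_factor * threat.damage_factor * exposed_value


def total_risk(threats, assets, countermeasures, selected):
    """Sum of expected losses over all threats, given the selected countermeasures."""
    total = 0.0
    for threat in threats.values():
        factor = 1.0
        for cm_name in selected:
            factor *= 1.0 - countermeasures[cm_name].mitigates.get(threat.name, 0.0)
        total += threat_risk(threat, assets, factor)
    return total


def build_plan(threats, assets, countermeasures, budget, acceptable_risk):
    """Greedy mitigation plan: the countermeasure with the best
    risk-reduction-per-cost ratio is added first, while budget allows."""
    selected, spent = [], 0.0
    current = total_risk(threats, assets, countermeasures, selected)
    while current > acceptable_risk:
        best_name, best_ratio = None, 0.0
        for name, cm in countermeasures.items():
            if name in selected or spent + cm.cost > budget:
                continue
            reduction = current - total_risk(threats, assets, countermeasures, selected + [name])
            ratio = reduction / cm.cost
            if ratio > best_ratio:
                best_name, best_ratio = name, ratio
        if best_name is None:       # nothing affordable still reduces risk
            break
        selected.append(best_name)
        spent += countermeasures[best_name].cost
        current = total_risk(threats, assets, countermeasures, selected)
    return selected, spent, current


# Constructed sample model; every name and number here is illustrative only.
ASSETS = {a.name: a for a in [
    Asset("customer_db", 500_000),
    Asset("web_server", 50_000),
]}
THREATS = {t.name: t for t in [
    Threat("sql_injection", 0.3, 0.8, ("customer_db",)),
    Threat("denial_of_service", 0.5, 0.2, ("web_server",)),
    Threat("stolen_credentials", 0.2, 0.5, ("customer_db", "web_server")),
]}
COUNTERMEASURES = {c.name: c for c in [
    Countermeasure("input_validation", 20_000, {"sql_injection": 0.9}),
    Countermeasure("waf", 40_000, {"sql_injection": 0.6, "denial_of_service": 0.5}),
    Countermeasure("mfa", 15_000, {"stolen_credentials": 0.8}),
    Countermeasure("rate_limiting", 5_000, {"denial_of_service": 0.7}),
]}


def initial_risk():
    """Risk of the sample system before any countermeasure is applied."""
    return total_risk(THREATS, ASSETS, COUNTERMEASURES, [])


def demo(budget=60_000, acceptable_risk=20_000):
    """Run the plan builder on the constructed sample model."""
    return build_plan(THREATS, ASSETS, COUNTERMEASURES, budget, acceptable_risk)


if __name__ == "__main__":
    print(f"initial risk: {initial_risk():,.0f}")
    plan, spent, residual = demo()
    print(f"plan: {plan}, spent: {spent:,.0f}, residual risk: {residual:,.0f}")
```

On the sample data the greedy pass chooses input validation first (largest reduction per unit cost), then MFA, then rate limiting; the WAF is never affordable once the cheaper measures are in the plan, so the run stops above the acceptable level with the budget partly unspent. That stopping point is the kind of residual-risk figure a spreadsheet makes laborious to recompute every time an asset value or a countermeasure changes, which is the data-management overhead the page attributes to spreadsheet-based analysis.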
Next (part 2): PTA Methodology, Terminology and Definitions