Home Page

The PTA Methodology in a Nutshell

What is Practical Threat Analysis ?

Read the Practical Threat Analysis in-depth article for a more detailed description of the PTA methodology.

A Calculative Threat Modeling Methodology

PTA (Practical Threat Analysis) is a calculative threat analysis and threat modeling methodology which enables effective management of operational and security risks in complex systems. It provides an easy way to maintain dynamic threat models capable of reacting to changes in the system’s assets and vulnerabilities. With PTA an analyst can maintain a growing database of threats, create documentation for security reviews and produce reports showing the importance of various threats and the priorities of the corresponding countermeasures.

PTA automatically recalculates threats and countermeasures priorities and provides decision makers with updated mitigation plan that reflects changes in threat realities. Countermeasure's priorities are a function of the system’s assets values, level of potential damage, threats probabilities and degrees of mitigation provided by countermeasures.

The recommended mitigation plan is composed of the countermeasures that are the most cost-effective against the identified threats.

The PTA Threat Model

The scheme below describes the interrelations between a threat and the assets, vulnerabilities and countermeasures.

 

In a nutshell:

  • Threats exploit Vulnerabilities and damage Assets.

  • Countermeasures mitigate Vulnerabilities and therefore might mitigate Threats.

See the Practical Threat Analysis in-depth page for a detailed description of the PTA Threat Model and the definitions of Entry Points, Attacker Types and Security Entity Tags.

The Practical Threat Analysis Process

In the following we present an abbreviated description of the PTA threat modeling steps.

1. Identifying Assets

Mapping of system asset's financial values and potential losses due to damages. Asset's values are the basis for calculating threats, risks and countermeasures priorities.

2. Identifying Vulnerabilities

Identifying potential system vulnerabilities requires knowledge of the system’s functionality, architecture, business and operational procedures and types of users. This is a continuous iterative task coupled with the step of identifying threats (step 4).

3. Defining Countermeasures

Defining the countermeasures relevant to system vulnerabilities. The countermeasure’s cost-effectiveness is calculated according to its estimated implementation cost.

4. Building Threat Scenarios and Mitigation Plans

Composing the potential threats scenarios and identifying the various threat's elements and parameters as follows:

  • Entering a short description of the threat scenario.
  • Identifying the threatened assets and the level of potential damage.
  • Setting the threat's probability. The threat's risk level is automatically calculated based on the total damage that may be caused by the threat and the threat's probability.
  • Identifying system’s vulnerabilities exploited by the threat. Identification of system's vulnerabilities automatically populates a list of proposed countermeasures.
  • Deciding on the actual mitigation plan by selecting the most effective combination of countermeasures.

Starting with Predefined Vulnerabilities and Threats

The threat analysis process can start with predefined entities of assets, vulnerabilities and countermeasures typical to the system being analyzed. Read more on PTA libraries concept in Common Assets, Vulnerabilities, Countermeasures and Threats Libraries.

Reviewing the Threat Analysis Results

Reviewing the threat analysis results can help improve the threat model and refine the model entities parameters. For a detailed description of the analysis results see the Threat Analysis Results and Reports page. The basic analysis outcomes are described below.  

  • List of threats, their risk and potential damage to assets when threats materialize.
  • List of assets and the financial risk that threatens them.
  • List of countermeasures, their overall mitigation effect and cost-effectiveness relative to their contribution to system risk reduction.
  • The maximal financial risk to the system, the final risk to the system (after all mitigation plans were implemented) and the current level of system risk according to the status of countermeasure's implementation.
  • The optimized mitigation plan which is composed of the countermeasures that are the most cost-effective against the identified threats

The analyst is encouraged to examine how the model behaves in response to changes in parameters and to run various "what if" scenarios that might provide additional insight on the system's realities.

 

***

 

PTA Software Tools for Threat Analysis
Home Page