Security News > 2021 > June > Threat modeling needs a reset

Organizations need to rethink their approach to threat modeling or risk losing its value as a key defense in their cybersecurity arsenals.

The traditional approaches to threat modeling can be very effective, but they don't scale well enough in the current computing and threat landscape.

In broad terms, threat modeling involves stepping back from the daily grind of security to get perspective on your systems, assess network and digital resources, identify vulnerabilities within the context of the threat landscape and prioritize plans that cover protection, response, remediation, and recovery.

Threat modeling sessions typically start with something akin to a whiteboarding session, with security experts and stakeholders discussing risk factors and brainstorming ideas on what to do about them.

If you start your process with a blank slate every time by drawing diagrams of your system components and architecture on a whiteboard, you are already behind if the goal is to scale threat modeling across your applications.

The established method of threat modeling slows down the entire process too much if you want to cover all of an organization's operations.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Ppxa7CJWLsQ/