CISSP Domain 3 Notes - Security Architecture and Engineering

Study Guide 9th edition

Research, Implement and manage Engineering processes using secure design principles

Threat Modelling

Prioritizing threats against an organisation’s valuable assets.

3 common Threat Modelling Techniques to Identify Threats:

• Focused on Assets
• Focused on Attackers
• Focused on Software

Threat Modelling Approach

A model used by BCP team to identify and asses threats against applications or operating systems. STRIDE is a threat categorization scheme developed by Microsoft.

Process for Attack Simulation and Threat Analysis (PASTA)

A seven-stage threat modelling methodology. PASTA is a risk-centric approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected.

Next step after Threat Modelling is ‘Reduction Analysis’ (Decomposition of application, system or environment) This includes:

• trust boundaries
• dataflow paths
• input points
• privileged operations
• details about security stance and approach.

Once threats are identified, next step is to fully document it. This should include:

• defining the means, target and consequences of a threat
• techniques required to implement an exploitation
• potential countermeasures and safeguards

Post-documentation, next step is to rank and rate the threats using wide range of techniques:

• Probability x Damage Potential rankings
• High/medium/low rating (risk matrix*)
• DREAD system

The DREAD (Disaster, Reproducibility, Exploitability, Affected Users and Discoverability) rating…