Threat Modeling in Vital Infrastructure
In an ever-changing threat landscape and with continuous IT development, it is important to ensure focus and efficiency by doing the most important security assessments on the right targets. However, what are these and how can you determine where the focus should be?
Within this course our experts teach you how to do threat modeling according to the STRIDE methodology to support answering these questions. This works both for existing systems and when designing new infrastructure/applications and will provide you with a broad picture of the threats/potential risks and optimizes your focus in security testing.
Certain processes are so essential to a society that failure or disruption would lead to serious social disruption and poses a threat to the national security of the Netherlands. These processes and infrastructure form the vital infrastructure. Electricity, the water supply, payment industry and electronic communication are examples of vital processes.
This threat modeling course is specifically aimed at personnel of organizations that work in these vital processes. Due to the fast changing landscape and the ever increasing digital security risks, Secura feels that threat modeling can be very useful to stay in control of security, while still retaining the flexibility to improve and change. Therefore, this course is specifically aimed to train personnel who work at the frontier of the defense of our vital infrastructure.
This training course is suitable for:
- Information Security Officers;
- Network Administrators;
- Software engineers;
- Policy makers;
- IT architects.
Required skills and expertise
Understanding of basic data flow diagrams and security concepts is required. No existing knowledge of threat modeling is required during the training course.
The eight-hour training course is divided in multiple sections.
- Section 1: Introduction to threat modeling
The training course starts off with general introductions about threat modeling. What exactly is threat modeling, what are the benefits of it, and what are the basics of threat modeling.
- Section 2: Creating a DFD-Diagram
We will create a DFD (Data Flow Diagrams) of a real-life case as an example. During the creation of the diagram we will jointly think about which aspects are important to how to create these diagrams in practice.
- Section 3: Identifying threats
After creating a diagram, the threats can be identified. In this part we will introduce methods that can be used for this purpose, such as STRIDE, attack trees and attack libraries. Next, we will discuss STRIDE in more detail.
- Section 4: Mitigating threats
After identifying the applicable threats, the following step is to mitigate these in a structural way and to validate whether these threats have been successfully mitigated.
- Section 5: Implementing threat modeling in the Security Development Lifecycle
How can you implement threat modeling in the existing development processes and when should you perform threat modeling?
Lastly you get tips and tricks to lead efficient threat modeling sessions to get the maximum result in a short period of time.
- Understand when and how to do threat modeling
- Learn about the four step threat modeling process that can be used to structurally perform threat modeling (creating a diagram, identifying the threats, mitigating and validating the threats).
- Learn how to create complete, validated Data Flow Diagrams (DFD’s) that can be used as a basis for the threat modeling session.
- Learn how to use a threat modeling session to identify the threats that are applicable to the web application, mobile application, infrastructure or other component that is being threat modelled. The attendees will be introduced to different ways to identify threats, such as STRIDE, attack trees and attack libraries. The course will focus on identifying threats using STRIDE.
- Learn how to structurally address the identified threats, to mitigate the threats that have been identified in the previous step.
- Learn to validate the implemented mitigation, to make sure the implemented mitigation solves the threat completely and does not introduce any new threats.
- Learn how to implement threat modeling within the existing development process such as the Microsoft Security Development Lifecycle.
- Learn how to lead and organise efficient threat modeling sessions, to make sure the threat modeling session gets the wanted results.
After all, the threat modeling sessions should result in a list of threats that is as complete as possible. Next to that, you can get tips from the persons who have performed numerous threat modeling sessions at a large variety of organisations.
- Date: 11 October 2018