Answer yes if your organisation conducts threat modelling when designing each application or system. Please state in the notes how threat modelling is integrated into your SDLC or provide a supporting document (for example, a template threat modelling report as a PDF file) as evidence.
What is it?
Threat modelling involves taking a step back when designing something to consider how it could possibly be misused by a threat actor.
When applications are architected, it’s important to consider how each function works, what privileges it operates under, what it can access or write to, how it is called, and then consider any ways in which it could potentially be misused by an attacker.
The process of threat modelling applications aims to identify potential avenues of attack in order to first determine the optimal way to structure an application’s functions (the application architecture) and, second, where to implement additional controls in order eliminate potential vulnerabilities.
Why should I have it?
Unlike input (and output) validation and other code-related security aspects, threat modelling typically applies primarily to the architectural aspects of software. While the former helps protect individual functions by making sure they are used as intended, threat modelling helps guide the overall architectural design and identify the individual functions to be checked and validated.
Much like improving the security of individual functions in code, enhancing the overall security of an application’s architecture has the same benefits in increasing the trustworthiness of software by reducing the possibility of an attacker misusing it or circumventing any security mechanisms.
In order to implement effective threat modelling, any software development project should have defined security requirements as per your existing policies. The requirements brief should include all types of data used by the application and all the requirements of the application itself in order to properly assess the security risks and requirements..
A threat modelling approach that suits your project and development framework should be defined then applied in an iterative fashion for every project until a final secure architecture is agreed and any important functions validated for security robustness.
There are numerous consultancies or individual consultants that will be able to assist in crafting a policy and implementing an SDLC that includes security best practice in a way that meets your business and technical requirements. Please message us if you would like a recommendation.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.
Please do not submit your answer on the knowledge base.