01/16/2020

Daily Buzz: Why Your Organization Needs a Threat Model

This will allow you to take a proactive approach to cybersecurity

With cyberattacks becoming more complex and more frequent, organizations must remain vigilant in their cybersecurity efforts. One way to shield your organization from an attack is to implement a threat model, says Maggie Jauregui at The Next Web.

Threat modeling is a process that improves security by identifying vulnerabilities within an organization and implementing safety measures to stop potential threats.

According to Jauregui, a security researcher for Intel, the five steps to build a threat model include taking inventory of all assets you need to protect, determining what you’re protecting each asset from, laying out an adversary model that defines the type of attacker you need to protect against, pinpointing potential threat vectors and attacks and then developing mitigation for each threat.

But once the threat model is created, your work isn’t done. You need to follow a few best practices to ensure its effectiveness. For example, share your threat model document broadly within the organization.

“Without wide circulation among those involved in every stage of product development (architects, developers, validation teams, and security researchers), the document isn’t of much use,” Jauregui said.

Additionally, organizations should treat threat models as “living documents,” Jauregui said. Once it’s created, commit to refining your threat model as the tech landscape evolves and new threats arise.

“Done properly, threat modeling can profoundly improve your organization’s security posture,” Jauregui said.

Please select this link to read the original article from Associations Now.