11. Explain the steps within a threat model (AC 2.2)
The steps within the PASTA threat model

According to the Software Engineering Institute at Carnegie Mellon University there are 7 stages, each with multiple activities.

1. Define Objectives
   - Identify Business Objectives
   - Identify Security and Compliance Requirements
   - Business Impact Analysis
2. Define Technical Scope
   - Capture the Boundaries of the Technical Environment
   - Capture Infrastructure | Application | Software Dependencies
3. Application Decomposition
   - Identify Use Cases | Define Application Entry Points & Trust Levels
   - Identify Actors | Assets | Services | Roles | Data Sources
   - Data Flow Diagramming (DFDs) | Trust Boundaries
4. Threat Analysis
   - Probabilistic Attack Scenarios Analysis
   - Regression Analysis on Security Events
   - Threat Intelligence Correlation and Analytics
5. Vulnerability & Weaknesses Analysis
   - Queries of Existing Vulnerability Reports & Issues Tracking
   - Threat to Existing Vulnerability Mapping Using Threat Trees
   - Scorings (CVSS/CWSS*) | Enumerations (CWE**/CVE***)
6. Attack Modelling
   - Attack Surface Analysis
   - Attack Tree Development | Attack Library Management
   - Attack to Vulnerability & Exploit Analysis Using Attack Trees
7. Risk & Impact Analysis
   - Qualify & Quantify Business Impact
   - Countermeasure Identification and Residual Risk Analysis
   - ID Risk Mitigation Strategies

*Common Weakness Scoring System
**Common Weakness Enumeration
***Common Vulnerabilities and Exposures

Source: Software Engineering Institute

What this means in simple terms.

1. Start by figuring out the business's key objectives, its security needs and compliance obligations, and what would happen if things went wrong.
2. Map out the technical environment, including the system, apps and tools. This part is about the technological aspect, not about the people or processes.
3. Look at how the app works in detail, where users interact with it, and how data moves through the system.
4. Analyse potential attack scenarios, use past data to spot patterns, and bring in intelligence on known threats from trusted sources, especially threats that happen in the real world.
5. Check for vulnerabilities in the system, connect threats to these weak points, and score how severe they are. Check the codebase (the collection of source code) and the design, perform penetration testing, and carry out vulnerability management (the cyclical practice of identifying, classifying, prioritising, remediating and mitigating software vulnerabilities).
6. Link the threats and vulnerabilities, and use tools like attack trees to model how an attacker might exploit vulnerabilities and what the outcomes could be.
7. Evaluate the potential impact of attacks, identify ways to reduce risks, and figure out what's still left to address.
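As an added worked example (not part of the original notes, and not tooling from the SEI or from PASTA itself), the Python below models how stages 5 to 7 fit together: each leaf of an attack tree is tagged with the weakness class it depends on (stage 5), OR/AND nodes aggregate leaf likelihoods up to the business goal at the root (stage 6), and the same tree is re-evaluated with planned countermeasures so inherent and residual risk can be compared (stage 7). The tree, likelihoods, impact figure and countermeasure percentages are constructed sample values, and the Node class and function names are assumptions of this example.

```python
"""Attack-tree likelihood aggregation and residual-risk comparison.

Added worked example for PASTA stages 5-7; all inputs below are constructed.
"""
import math
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    """One node of an attack tree (stage 6). The root is the business goal."""
    name: str
    kind: str = "leaf"            # "leaf", "or" (any child suffices) or "and" (all children needed)
    likelihood: float = 0.0       # leaves only: probability the step succeeds within a year, 0..1
    cwe: Optional[str] = None     # stage 5: weakness class the leaf relies on, if a technical one
    children: List["Node"] = field(default_factory=list)


def node_likelihood(node: Node, mitigations: Dict[str, float]) -> float:
    """Aggregate likelihood bottom-up.

    A leaf's likelihood is scaled by the fraction its countermeasure removes
    (0 = no control, 1 = step fully closed). OR nodes succeed if any child does
    (children treated as independent attempts); AND nodes only if every child does.
    """
    if node.kind == "leaf":
        reduction = mitigations.get(node.name, 0.0)
        if not 0.0 <= reduction <= 1.0:
            raise ValueError(f"reduction for {node.name!r} must lie within [0, 1]")
        return node.likelihood * (1.0 - reduction)
    child_p = [node_likelihood(c, mitigations) for c in node.children]
    if not child_p:
        raise ValueError(f"{node.kind} node {node.name!r} has no children")
    if node.kind == "or":
        return 1.0 - math.prod(1.0 - p for p in child_p)
    if node.kind == "and":
        return math.prod(child_p)
    raise ValueError(f"unknown node kind {node.kind!r}")


def annualised_risk(root: Node, impact: float,
                    mitigations: Optional[Dict[str, float]] = None) -> float:
    """Stage 7: risk = likelihood of reaching the root goal x business impact."""
    return node_likelihood(root, mitigations or {}) * impact


def residual_risk_report(root: Node, impact: float,
                         mitigations: Dict[str, float]) -> Dict[str, float]:
    """Compare the tree before and after the planned countermeasures."""
    inherent = annualised_risk(root, impact)
    residual = annualised_risk(root, impact, mitigations)
    return {
        "inherent": inherent,
        "residual": residual,
        "reduction_pct": 100.0 * (1.0 - residual / inherent) if inherent else 0.0,
    }


def weakness_map(node: Node) -> Dict[str, List[str]]:
    """Stage 5 view: which attack steps depend on which weakness class."""
    out: Dict[str, List[str]] = {}
    if node.kind == "leaf" and node.cwe:
        out.setdefault(node.cwe, []).append(node.name)
    for c in node.children:
        for cwe, names in weakness_map(c).items():
            out.setdefault(cwe, []).extend(names)
    return out


# Constructed sample tree: the business-level outcome at the root, attacker steps as leaves.
CUSTOMER_DATA_TREE = Node("Customer records disclosed", "or", children=[
    Node("Abuse a legitimate account", "and", children=[
        Node("Obtain staff credentials by phishing", likelihood=0.30),
        Node("Defeat second factor", likelihood=0.10),
    ]),
    Node("Exploit injection flaw in reporting API", likelihood=0.20, cwe="CWE-89"),
    Node("Read records from unprotected backup storage", likelihood=0.05, cwe="CWE-284"),
])

# Constructed stage 1 business impact figure: estimated cost of a full disclosure.
IMPACT_EUR = 500_000.0

# Constructed countermeasures: fraction of each leaf's likelihood the control removes.
PLANNED_CONTROLS = {
    "Exploit injection flaw in reporting API": 0.90,   # parameterised queries plus input validation
    "Obtain staff credentials by phishing": 0.50,      # mail filtering plus awareness training
}

if __name__ == "__main__":
    print("weaknesses:", weakness_map(CUSTOMER_DATA_TREE))
    print("report:", residual_risk_report(CUSTOMER_DATA_TREE, IMPACT_EUR, PLANNED_CONTROLS))
```

With these sample numbers the root likelihood falls from about 26% to about 8%, and the remaining risk is dominated by the two leaves no control was planned for, which is exactly the "what's still left to address" question stage 7 asks. The independence assumption behind the OR aggregation is a simplification; correlated steps would need a joint likelihood instead.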