Threat Modelling – Charles Marrow

A way of life due to the daily threats encountered. Almost everything is threat modelled regardless of the environment. Threat modelling can be executed in many different forms with many different outcomes. Mitigation of the threats is a fundamental core activity.

Software Threat Modelling

Generally performed during the SDLC in the Design phase, if conducted correctly and efficiently will save many hours and ensure a good security base layer is enveloped around the application. Software Threat modelling is conducted on the application inputs, outputs, interfaces and any converging devices. Using common industry best practises e.g. AWS security recommendation in the case of cloud services, or WP.29 in the case of autonomous vehicle security will ensure most or all known threats are considered. The threat model can then be moved to the next phase of mitigating against the defined threats. Preparing a good network or software architectural design will also support the threat model. All aspects of the application data bases and how they communicate with other services should be covered. Interacting devices and interfaces should also be analysed in the model.