Threat Model

Threat Model

Threat modeling has two distinct, but related, meanings in computer security. The first is a description of the security issues the designer cares about. This is the sense of the question, "What is the threat model for DNSSec?" In the second sense, a threat model is a description of a set of security aspects; that is, when looking at a piece of software (or any computer system), one can define a threat model by defining a set of possible attacks to consider. It is often useful to define many separate threat models for one computer system. Each model defines a narrow set of possible attacks to focus on. A threat model can help to assess the probability, the potential harm, the priority etc., of attacks, and thus help to minimize or eradicate the threats. More recently, threat modeling has become an integral part of Microsoft's SDL (Security Development Lifecycle) process. The two senses derive from common military uses in the United States and the United Kingdom.

Threat modeling is based on the notion that any system or organization has assets of value worth protecting, these assets have certain vulnerabilities, internal or external threats exploit these vulnerabilities in order to cause damage to the assets, and appropriate security countermeasures exist that mitigate the threats.

Read more about Threat Model:  Approaches To Threat Modeling, Example Threat Modeling Approach, See Also, References

Famous quotes containing the words threat and/or model:

    The reduction of nuclear arsenals and the removal of the threat of worldwide nuclear destruction is a measure, in my judgment, of the power and strength of a great nation.
    Jimmy Carter (James Earl Carter, Jr.)

    The best way to teach a child restraint and generosity is to be a model of those qualities yourself. If your child sees that you want a particular item but refrain from buying it, either because it isn’t practical or because you can’t afford it, he will begin to understand restraint. Likewise, if you donate books or clothing to charity, take him with you to distribute the items to teach him about generosity.
    Lawrence Balter (20th century)