Home » Functions » Test (RC.RT) » RC.RT-2 Threat Modelling

Description

Organisations must document system security design, analyse the design for potential issues, review and analyse against common cyber-attack patterns, tactics, techniques and procedures, and recommend and manage recovery, response and mitigation [33]. Threat modelling as a form of risk assessment is used to model aspects of the attack and defence sides of a particular logical entity, e.g. data, application, host, platform or service [34]. Cyber recovery threat modelling allows recovery analysts and the business to understand how different types of threats may exploit their assets, and through what means, in order that appropriate recovery controls (see RC.CC) are deployed to mitigate the likelihood and impact. It is pertinent to note that every organisation is resource-constrained and thus cannot implement every possible risk mitigations [31], therefore, one purpose of threat modelling is to be used to identify recovery contingencies, which then allows the organisation to understand, plan and document recovery contingencies. See also RC.CI-6.

Outcomes / Outputs

(Conduct / Fix / Ingest / List / Plan / Procure / Produce / Report / Review / Set / Test  / Train )

1. Conduct threat modelling
2. Report of threat modelling against systems, configurations, designs, architecture and operations.

Reference

31. Deborah J. Bodeau, Catherine D. McCollum and David B. Fox (2018), “Cyber Threat Modeling: Survey, Assessment and Representative Framework”, April 7, 2018. Retrieved Dec. 2019. https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf

33. DoD (2019), “Department of Defense Enterprise DevSecOps Reference Design”, Version 1.0,12 August 2019
34. NIST Special Publication800-154 (2016), “Guide to Data-Centric System Threat Modeling”, NIST April 15, 2016.