Introduction
Threat modeling is an effective technique to help you identify threats and find ways to reduce risk. It helps you choose what to focus on when identifying what needs to be protected, or how an attacker could operate in the system.
Focusing on what's important
Having the right focus helps you tailor the threat-modeling exercise to produce quality results.
Examples include:
- Designing a file sharing-application and focusing on protecting its processes, data stores, and data-flow.
- Designing a file-sharing application and focusing on learning more about the attacker.
- Include the attacker's motives and possible means to target your application.
In this module, you explore what it means to conduct a system-focused threat-modeling exercise. Also, you learn the high-level differences between system-, asset-, and attacker-focused approaches.
Learning objectives
In this module, you learn how to:
- Define a system-focused threat modeling exercise.
- Explain the high-level differences between the system-, asset-, and attacker-focused approaches.
Prerequisites
- None