Software Engineering Institute

Much effort is expended implementing security controls and practices to address mandated policy. However, operational experience is showing that these steps are necessary, but not sufficient. The mantra to "think like an attacker" has been widely bandied by experts and contractors in the field. For those who struggle daily to make technology perform as needed, this advice poses a major challenge. Attacker capabilities are increasing continually. How should one determine and address possible system attacks?

System defenders need a systematic way to identify and enumerate potential threats and prioritize the mitigations. Threat modeling is a process that can meet that need. Defenders need to analyze the controls or defenses that should be incorporated into a design based on the attributes of the system, the profile of probable attackers, the most likely attack tactics, and likely attacker objectives.