search menu icon-carat-right cmu-wordmark

Attack Surface Analysis - Reduce System and Organizational Risk

White Paper
This paper offers system defenders an overview of how threat modeling can provide a systematic way to identify potential threats and prioritize mitigations.

Software Engineering Institute


Much effort is expended implementing security controls and practices to address mandated policy. However, operational experience is showing that these steps are necessary, but not sufficient. The mantra to "think like an attacker" has been widely bandied by experts and contractors in the field. For those who struggle daily to make technology perform as needed, this advice poses a major challenge. Attacker capabilities are increasing continually. How should one determine and address possible system attacks?

System defenders need a systematic way to identify and enumerate potential threats and prioritize the mitigations. Threat modeling is a process that can meet that need. Defenders need to analyze the controls or defenses that should be incorporated into a design based on the attributes of the system, the profile of probable attackers, the most likely attack tactics, and likely attacker objectives.