Author: Richard Henderson / Source: CSO Online
Threat Abstraction and Modeling is an important piece of planning in the enterprise as it can be used as an approach to better secure software.Spending some time during your planning stages thinking about threats and potential threats to your latest project can pay for itself in spades when the rubber meets the road and you’re ready to build out or deploy your latest software project or infrastructure installation.
While on its surface, the topic of threat modeling seems like an advanced skill and above your pay grade, in reality, as humans, we have a predisposition to employ threat modeling in our lives already. For example, you may already ask yourself:
“Do I walk alone down that poorly-lit alley at night?”
“Should I shield the PIN pad from view when I enter my PIN at the ATM?”
“Why is this person walking so close to me?”
“Is it okay to leave my backpack in the back seat of my car?”
“I’m late… do I take the chance in speeding to my meeting or running that red light?”
These are some of the myriad of threats or potential threats we face on a daily basis, and this type of thinking has a direct relation to thinking about threats in the world of information technology. Threat modeling and abstraction really boils down to this simple point: when building things, whether it be software or systems, you need to spend some time considering and predicting the various threats…
Click here to read more