Threat Modeling Resources from Shostack + Associates
What is Threat Modeling?
Threat modeling is how we bring strategic, systematic, and comprehensive analysis to engineering. Discover what can go wrong in a system, even before you've built it. Threat modeling is a broad term, and includes engineering skills and practices. The depth and structure of threat modeling ranges from dialog at a whiteboard through large complex analyses. It is one of the most important, and misunderstood, parts of a security development lifecycle.
The very easiest way to get started threat modeling is by asking the Four Questions:
- What are we working on?
- What can go wrong?
- What are we going to do?
- Did we do a good job?
If you simply ask those Four Questions, you're threat modeling. Adam has a 60 second video on the subject.
Getting Started with Threat Modeling
While you can — and should — ask the Four Questions, many people want more. These resources are each a few pages long and designed to help.
- Threat Modeling: What, Why, and How?
- Rolling Out a Threat Modeling Program
- Security Engineering, the Who, What, Why and How (at ISACA).
- The Threat Modeling Manifesto written by Adam and 14 other threat modeling experts.
Sometimes people conflate threat intelligence and threat modeling. Adam addressed the difference in Threat Modeling: What, Why, and How, above. (Both that and "Rolling Out" were originally published at the MISTI Training Institute.)
We have a wide variety of innovative physical threat modeling tools available from Agile Stationery. They include whiteboard notebooks, stencils, Elevation of Privilege card decks, and the threat modeling manifesto posters.
When we were planning onsite training, we used to ask "are there lots of whiteboards?" Now, we ask "are the walls completely covered in whiteboards?" If not, we ship rolls of static cling whiteboards, and people always want to know how to get more.