This post—9 benefits of Threat Modeling—is the second in a series to educate those who are interested in having their first experience with Threat Modeling. The previous post can be found here.
Intro to Threat Modeling Part 2
9 Benefits of Threat Modeling
This is the second post in our series about Threat Modeling (TM). The series is meant to provide basic information about the practice, why we love it, and how it can make your organization more secure. Check out our previous post here: What is Threat Modeling?
These are the benefits you get from Threat Modeling your application or other system during the design phase:
- Agreement on design: All parties involved are around the table and looking at the system’s design. Any disagreement about how things (should) work easily arises and can be solved. People often have very different understandings of the critical system processes in place. This can be aligned easily with Threat Modeling.
- Completeness of vision: A Threat Model provides a high-level view of the system. Analysis can go in-depth as needed. This top-down approach ensures that people understand the whole system and all its links.
- Shared security vision: Instead of just pointing out problems, as the typical penetration test does, Threat Modeling provides agreement on handling security. It aligns the security of your system with the organizational security policy.
- Flaw prevention: Obviously, we assume you are doing Threat Modeling during the design phase. Threat Modeling will show flaws that could become vulnerabilities early in the process. Preventing problems is cheap — solving them after the fact is not!
- Risk control: Threat Modeling discovers flaws and helps calculate risk. This means you can prioritize mitigations and manage risk in the system according to the organization’s policies.
- Development priorities: When risk comes into view and is calculated, it gets easier to prioritize development to first handle the highest risk. Risk becomes a factor in planning the development of your system.
- Penetration test planning: A Threat Model data flow diagram easily shows the weak spots in your design or the points where pressure might compromise the system. Those are great areas to designate for penetration testing. In large systems, penetration testing becomes more targeted, efficient, and therefore more economical (you can save money!).
- Proof of ‘Security-by-Design’: Threat Modeling is the best way to show you have considered security and privacy during the design of your system. This is truly Security-by-Design (and Privacy-by-Design).
- Proof of compliance: When you are audited for compliance or have to show a third party that you are on top of security and privacy, pull out your up-to-date Threat Model, and you’re good! Threat Models complement GDPR-related Data Protection Impact Assessments (DPIAs) particularly well for more complex systems.
That’s it. Do you need more reasons to do Threat Modeling?
Read about our Threat Modeling practice or get trained yourself.
Read our next post ‘Threat Modeling versus Pentesting’.