This post – 9 benefits of Threat Modeling – is the second in a series to educate those who are interested in a first experience with Threat Modeling. Find the previous post here.
Intro to Threat Modeling part 2
9 benefits of Threat Modeling
This is the second post in our series about Threat Modeling (TM). The series is meant to provide basic information about the practice of Threat Modeling, why we love it and how it can make your organization more secure. Check out our previous post here: What is Threat Modeling?
These are the benefits you get from Threat Modeling your application or other system, during the design phase:
- Agreement on design: All parties involved are around the table and are looking at the design of the system. Any disagreement about how things (should) work easily come up and can be solved. We often see that people have a very different understanding about important system processes that are in place. This can be aligned easily with Threat Modeling.
- Completeness of vision: A Threat Model provides a high level view of the system. Analysis can go in depth as needed. This top down approach makes sure people understand the whole system with all its links.
- Shared security vision: Instead of just pointing out problems, as the typical penetration test does, Threat Modeling provides agreement on how to handle security. It aligns the security of your system to the organizational security policy.
- Flaw prevention: Obviously, we assume you are doing Threat Modeling during the design phase. Threat Modeling will show flaws that could turn into vulnerabilities, very early in the process. Preventing problems is cheap – solving them after the fact is not!
- Risk control: Threat Modeling doesn’t just discover flaws, but helps to calculate risk. This means you can prioritize mitigations and manage risk in the system according to the organization’s policies.
- Development priorities: When risk comes into view and is calculated, it gets easier to prioritize development to first handle the highest risk. Risk becomes a factor in planning the development of your system.
- Penetration test planning: A Threat Model dataflow diagram easily shows the weak spots in your design or the points where pressure might compromise the system. Those are great areas to designate for penetration testing. In large systems, penetration testing becomes more targeted, efficient and therefore more economical (you can save money!).
- Proof of ‘Security-by-Design’: Threat Modeling is the best way to show you have taken security and privacy into consideration during the design of your system. This is truly Security-by-Design (and Privacy-by-Design).
- Proof of compliance: When you are audited for compliance or you have to show a 3rd party that you are on top of security and privacy, pull out your up-to-date Threat Model and you’re good! Threat Models complement GDPR related Data Protection Impact Assessments (DPIAs) particularly well for more complex systems.
That’s it. Do you need more reasons to do Threat Modeling?
Read about our Threat Modeling practice or get trained yourself.
Read my next post ‘Threat Modeling versus Pentesting’.