Threat Modelling

Who is it for?

Threat Modelling should be utilised by anyone:

• Developing software,
• Utilising third party APIs,
• With complex business processes,
• Who would experience catastrophic business damage or reputation damage
  as a result of data loss,
• And any business holding sensitive data.

How can we help?

Our services will educate your employees in a positive and encouraging manner,
heightening awareness of threat modelling, whilst encouraging the identification of possible threats to an application or infrastructure prior to release.

Many organisations have the intention to improve the security of their applications and
infrastructure, but simply don’t know where to start. Secarma’s mission is to support the
implementation of threat modelling into your development processes and encourage
security-by-design.

What we test

There are a couple of threat modelling approaches that may be utilised, System Lead and Attacker Lead.

• System Lead focuses on the system as a whole, considering each process,
  data store, dataflow, external entity, and trust boundary.
• Attacker Lead focuses on threat actors and how they may compromise our
  system. This involves understanding threat actors and focusing on entry
  points rather than the system as a whole. It involves focusing on critical assets, and emphasis is placed on protecting critical assets instead of the entire system.