Do threat modeling to find and resolve potential threats

Analyze each part of your workflow and consider what could go wrong. Use an industry-standard methodology to classify the identified threats.

Threat modeling helps you find and fix security threats before they become real problems. Analyzing your workload helps you put together a report that shows which attack paths are the most serious and helps you quickly find weak spots.

Contoso’s challenge

  • Even though they haven’t had a security problem yet, the workload team doesn’t have a clear way to check if all possible threats are covered by their current security setup.
  • They realize that there’s a gap in their security, and if something goes wrong, they might not be ready.

Applying the approach and outcomes

  • The team brings in a security consulting specialist to learn how to do threat modeling.
  • After their first exercise, they find that they have well-designed controls for most threat vectors, but there are some gaps:
    • One problem was in a data cleanup task that runs after Apache Spark jobs. It had two insider threat risks for data leaks.
    • An old system used by a race team that’s no longer active still had access to sensitive race data.
  • They’ve scheduled fixes for the next development cycle, including shutting down the old system.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *