
Levy Olvera • August 27, 2023

101 Series | Security and Risk Management | Threat Models

A straightforward introduction

Knowing how an adversary could reach our sweet, sweet cyber assets is an important mindset. To reach that mindset, we first need to know some basic concepts, such as threat modeling.


Threat modeling can be defined as a way of describing the potential adverse effects on our assets caused by threat sources, whether external or internal. Yes, bad guys are also among us.


Here are some of the most common threat modelling approaches. To keep things simple, each one is explained as concretely as possible, followed by a plain-language picture: a castle you are trying to protect.


STRIDE: An acronym that represents six threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This method is often used to analyse threats in software applications.


This is like a list of six different kinds of troubles that the castle might face. These troubles are trying to trick you (Spoofing), mess with your castle's blocks (Tampering), say they didn't do anything wrong (Repudiation), find out secret stuff (Information Disclosure), make the castle not work (Denial of Service), or try to get extra powers (Elevation of Privilege).


DREAD: IMPORTANT: DREAD was discontinued by 2008. It is still worth knowing, and if you are studying for an exam this hint might be useful. Now to the matter: DREAD stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. This framework assigns scores to each category to assess the potential impact of a threat and prioritise mitigation efforts. It is more focused on risk assessment.


Think of this like giving each trouble a score. You see, some troubles are worse than others. DREAD helps you figure out how bad each trouble could be based on things like how much damage it could do, how easily it can happen again, how easy it is to actually do, how many people it might affect, and how easily someone could find out about it.


PASTA: Process for Attack Simulation and Threat Analysis involves seven stages: Define Objectives, Define Technical Scope, Application Decomposition, Threat Analysis, Vulnerability Analysis, Attack Modeling, and Risk Assessment. It focuses on simulating potential attacks to identify threats.


PASTA is like a story. You start by saying what you want your castle to do, then you take it apart piece by piece and look for things that might go wrong. It's like checking each block to make sure they're all strong and can't be knocked down.


Trike: Threat and Risk Intelligence Knowledge base, is a comprehensive methodology that combines concepts from various threat modelling methodologies. It's particularly suitable for complex systems and environments.


Imagine you have three ways to think about the castle's safety. Trike takes the best parts of these three ways and mixes them together to make sure your castle is safe from tricky things.


VAST: Visual, Agile, and Simple Threat modelling emphasises a more streamlined and visual approach to threat modelling. It involves simple diagrams and focuses on identifying threats quickly and efficiently. It is based on the ThreatModeler commercial automated platform.

VAST uses simple pictures to understand the troubles. You draw pictures of the castle and the things around it, and then you can easily see where the troubles might sneak in.


Kill Chain: The Cyber Kill Chain model breaks down the stages of a cyberattack, from reconnaissance to exfiltration. It helps organisations understand and prevent each step of an attack. Based on a military model.


Think of this like breaking the sneaky dragon's plan into different steps. You can put a measure in place to stop the intruder at each step and keep them from getting into your castle.


STRIDE/DREAD Combo: This approach combines elements of both the STRIDE and DREAD methodologies to provide a more comprehensive threat assessment.


This is like mixing two different sets of ideas to be super safe. You're checking for troubles in many different ways to make sure your castle is really protected.


OCTAVE Allegro: This method focuses on assessing operational risks in organisations by considering a variety of factors such as assets, threats, vulnerabilities, and impacts.


This is like thinking about all the possible troubles in your whole kingdom. You want to keep everything safe and make sure the castle and everything around it is well-guarded.


The next ones are not threat models per se, but very helpful tools that threat models might use to reach their objectives.


Attack Trees: Attack trees are graphical representations of potential attack scenarios. They start with a high-level goal and break it down into different attack paths, helping to visualise and analyse complex attack possibilities.


This is like drawing a tree that shows all the steps the bad guys might take to get into your castle. It helps you see all the different things they could try and helps you stop them.
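To make the tree idea concrete, here is an added example (not part of the original post) that models a small attack tree with AND/OR nodes, lists every attack path, and checks which paths stay open after a set of defences is in place. The castle tree and its step names are constructed for illustration.

```python
from itertools import product

# Constructed attack tree for the castle analogy (assumption, not from the post).
# A node is ("LEAF", step_name), ("OR", [children]) or ("AND", [children]).
TREE = ("OR", [
    ("LEAF", "bribe the gate guard"),
    ("AND", [
        ("LEAF", "cross the moat"),
        ("OR", [
            ("LEAF", "scale the wall"),
            ("LEAF", "tunnel under the wall"),
        ]),
    ]),
    ("AND", [
        ("LEAF", "steal a servant's livery"),
        ("LEAF", "walk in through the kitchen door"),
    ]),
])


def attack_paths(node):
    """Return every attack path as a frozenset of leaf steps.

    OR: any one child is enough, so collect the children's paths.
    AND: every child is required, so merge one path from each child.
    """
    kind, body = node
    if kind == "LEAF":
        return {frozenset([body])}
    child_paths = [attack_paths(child) for child in body]
    if kind == "OR":
        return set().union(*child_paths)
    if kind == "AND":
        return {frozenset().union(*combo) for combo in product(*child_paths)}
    raise ValueError(f"unknown node type: {kind}")


def remaining_paths(node, mitigated):
    """Paths still open once the leaf steps in `mitigated` are blocked."""
    blocked = set(mitigated)
    return {path for path in attack_paths(node) if not (path & blocked)}


def is_goal_protected(node, mitigated):
    """True when every path to the root goal contains a blocked step."""
    return not remaining_paths(node, mitigated)
```

Blocking a step that sits under an AND node, such as the moat crossing, closes every path that depends on it, which is why defenders look for steps shared by many paths.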


Data Flow Diagrams (DFD): While not a dedicated threat modelling methodology, DFDs are used to model how data flows through a system. By analysing these data flows, potential threats and vulnerabilities can be identified.


Imagine you're drawing lines to show how things move inside your castle. DFD helps you see where the sneaky dragons might try to enter by following the lines.



When choosing a threat modelling methodology, it's important to consider the specific characteristics of the system you're analysing, the level of detail you require, and the expertise of your team. Each methodology has its strengths and weaknesses, so selecting the right one for your context is crucial.


Source and further reading:


Harris, Shon & Maymí, Fernando. CISSP Exam Guide, Seventh Edition. New York: McGraw Hill Education, 2016.

Security and Privacy Controls for Information Systems and Organizations. NIST Special Publication 800-53, Revision 5. U.S. Department of Commerce, September 2020.

