David is a freelance writer specializing in technology. He holds a BA in communication.
Security might be a nebulous topic, but you can make your business more secure by anticipating the kinds of threats you might face. You could deal with natural disasters, hackers, even rogue employees. A little time spent on prevention can be worth more than a pound of cure.
Everyone, ranging from self-employed professionals to enterprise companies, will have to deal with some kind of security threat. For the purposes of this lesson, we'll define a threat as something that will prevent a user from accessing some kind of asset, namely important data. Threat modeling is the process of identifying assets that you want to protect from threats.
The threats vary from person to person. The biggest risk a person using a laptop faces is someone stealing it, while a company running a web app will mainly have to worry about hackers breaking in from the outside.
The Electronic Frontier Foundation has an excellent set of questions that everyone should ask themselves when defining threats:
What do you want to protect?
Who do you want to protect it from?
How likely is it that you will need to protect it?
How bad are the consequences if you fail?
How much trouble are you willing to go through in order to try to prevent those?
Ultimately, threat modeling is about figuring out what you want to protect. The actions that you'll take to protect your assets will flow from this decision.
Let's take one example of how threat modeling might be used in practice. FaceSpace is a social media network that wants to make sure its security is up to par, so its security team is conducting a threat model on its entire infrastructure.
A social media service's biggest assets will be its user base, messages, photos, among other things. A lot of this information is sensitive, so the company will go to great lengths to keep it safe while balancing that against the need to be available to users.
Most of the company's threats will be external: mainly hackers exploiting weaknesses in its software. The company will spend most of its efforts making sure that all of the inputs are handled properly, lessening the possibility of a buffer overflow or SQL injection attack.
Since the company's application is database-driven, they'll also have to vet their database and database administrators very carefully. Ideally, administrators will have the minimum permissions necessary to doing their job. They won't be able to access or make changes to the entire database.
Modern web applications have all sorts of components that work together and all have their own threats, so security professionals will have to analyze all these components together to figure out all how all these pieces are vulnerable. This could range from the file servers to individual developer laptops that are logged into production servers. The company's security requirements will change as the hardware and software components of its system change.
The company might try penetration testing to see if they can break into all of these components the way a hacker would. They'll document and fix any problems they'll find and revisit these threat modeling plans periodically.
The company doesn't just face threats from humans. Nature has all kinds of threats, ranging from tornadoes to hurricanes to earthquakes. Given that FaceSpace is located in the Bay Area, earthquakes are a big concern. Fortunately, their new data center is in a seismically reinforced building with generators in case of power failure, making sure the company's offsite backups are reliable is always a good idea. Even better, they have alternate data centers that will come online in case the main one fails.
Other threats might include government surveillance, malware and even warfare.
The great thing about threat modeling is that it forces you to think through all the issues that make you secure or insecure. Security can be a vague concept, but by taking a few moments to think about what you want to protect and how you should protect it, you really can make yourself more secure.
Threat modeling is the process of defining what an organization wants to protect and the steps taken to protect it. Threat modeling involves protecting assets from threats. The goal is to anticipate potential threats and eliminate or mitigate them.
To unlock this lesson you must be a Study.com Member.
Create your account
Already a member? Log In
BackAlready registered? Log in here for access
Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.
To learn more, visit our Earning Credit Page
Not sure what college you want to attend yet? Study.com has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.
Back To Course
Information & Computer Security Training10 chapters | 131 lessons
{{courseNav.course.topics.length}} chapters | {{courseNav.course.mDynamicIntFields.lessonCount}} lessons | {{course.flashcardSetCount}} flashcard set{{course.flashcardSetCoun > 1 ? 's' : ''}}
| 30 day money back guarantee | |||
|
Starting
Original Price |
/yr | /mo | |
| Just Just | /day | ||
| Discount For months |
- % - | / | |
| Referral Credit | - | ||
|
Price after trial Starting Price starting today |
/ | ||
| Referral Credit |
- | ||
| Price starting today | / | ||
| Just Just | Just Just | /day | |
| Save % off monthly plan | /mo | ||
| Just | /mo | ||
| Price | /yr | ||
Your Cart is Empty. Please Choose a Product.
Watch 5 minute video clips, get step by step explanations, take practice quizzes and tests to master any topic.
Study.com has a library of 450,000 question and answers for covering your toughest textbook problems
I love the way expert tutors clearly explains the answers to my homework questions. Keep up the good work!
- Maritess, College StudentStudy.com video lessons have helped over 30 million students.
"I learned more in 10 minutes than 1 month of chemistry classes"
- Ashlee P.
"I learned more in 10 minutes than 1 month of chemistry classes"
- Ashlee P.
"I aced the CLEP exam and earned 3 college credits!"
- Clair S.
Over 65 million users have prepared for {{displayNameByProductKey[registrationData.product || testPrepCocoon]}} and other exams on Study.com
"The videos have changed the way I teach! The videos on Study.com accomplish in 5 minutes what would take me an entire class."
- Chris F.
Over 65 million users have prepared for {{displayNameByProductKey[registrationData.product || testPrepCocoon]}} and other exams on Study.com
Over 65 million users have prepared for {{displayNameByProductKey[registrationData.product || testPrepCocoon]}} and other exams on Study.com
