Available online at https://threat-modeling.net/threat-modeling-of-threat-modeling/
Created by Hendrik Ewerlin - https://hendrik.ewerlin.com/security - 2024-07-09
This document threat models threat modeling. #meta
Threat modeling will more likely be a success if we tame the threats to the threat modeling process.
Shostack’s Four Question Framework poses the questions a threat modeling process should answer, in particular, "What can go wrong?" and "What are we going to do about it?". These go to the secure properties of a system, which can also be expressed as:
A system is secure iff it is protected from danger.
What follows then is answering the questions, explicitly, what dangers and threats exist against the system, and what are the protections and mitigations we can put in place. These answers make threats visible, fulfilling the goal of Clarity and tames them, fulfilling the goal of Security.
The ultimate goal is to create a secure system. We create that system by threat modeling and implementing mitigations. This is a security activity performed by humans and we can investigate it’s usability (see ISO 9241-11:2018) considering effectiveness, efficiency and satisfaction. Usability, in it’s core, is about helping people achieve their goals with something you offer.