1 00:00:00,005 --> 00:00:01,006 - [Instructor] Threat modeling 2 00:00:01,006 --> 00:00:04,007 is an important part of the risk management process. 3 00:00:04,007 --> 00:00:07,000 It provides valuable information 4 00:00:07,000 --> 00:00:09,002 about the threats facing an organization 5 00:00:09,002 --> 00:00:13,000 and the attack types that those threats might engage in. 6 00:00:13,000 --> 00:00:15,008 As the organization identifies vulnerabilities 7 00:00:15,008 --> 00:00:18,003 that it might have to specific threats, 8 00:00:18,003 --> 00:00:21,005 it should continue to evolve its security controls. 9 00:00:21,005 --> 00:00:25,003 Let's take a look at the technology and process remediation 10 00:00:25,003 --> 00:00:28,004 that should accompany threat modeling efforts. 11 00:00:28,004 --> 00:00:30,004 From a technology perspective, 12 00:00:30,004 --> 00:00:33,002 threat modeling should prompt periodic reviews 13 00:00:33,002 --> 00:00:35,005 of the security infrastructure. 14 00:00:35,005 --> 00:00:36,005 For example, 15 00:00:36,005 --> 00:00:39,006 if security analysts see the issue of data theft 16 00:00:39,006 --> 00:00:42,008 coming up repeatedly and they're a threat modeling, 17 00:00:42,008 --> 00:00:44,008 this may indicate a deficiency 18 00:00:44,008 --> 00:00:47,004 in the organizations ability to combat the loss 19 00:00:47,004 --> 00:00:49,005 of confidential information. 20 00:00:49,005 --> 00:00:51,004 It becomes even more concerning 21 00:00:51,004 --> 00:00:54,000 if actual data loss incidents take place 22 00:00:54,000 --> 00:00:55,008 in the organization. 23 00:00:55,008 --> 00:00:57,007 This combination of circumstances 24 00:00:57,007 --> 00:01:01,000 should prompt a review of whether the organization 25 00:01:01,000 --> 00:01:04,006 has appropriate data protection controls in place. 26 00:01:04,006 --> 00:01:07,002 An organization in this situation 27 00:01:07,002 --> 00:01:10,003 might decide to implement a data loss prevention 28 00:01:10,003 --> 00:01:12,007 or DLP system that can identify 29 00:01:12,007 --> 00:01:17,001 and block attempts to exfiltrate confidential records. 30 00:01:17,001 --> 00:01:20,000 Implementing this control reduces the likelihood 31 00:01:20,000 --> 00:01:21,002 of future incidents 32 00:01:21,002 --> 00:01:24,006 and changes the threat model significantly. 33 00:01:24,006 --> 00:01:27,006 Software development companies have special concerns, 34 00:01:27,006 --> 00:01:29,002 because they must not only conduct 35 00:01:29,002 --> 00:01:30,009 their own threat modeling, 36 00:01:30,009 --> 00:01:33,008 but also consider the threats facing their customers 37 00:01:33,008 --> 00:01:36,007 when customers use their software products. 38 00:01:36,007 --> 00:01:39,007 If a threat model detects repeated deficiencies 39 00:01:39,007 --> 00:01:42,001 that may effect customer security, 40 00:01:42,001 --> 00:01:44,004 the vendor might respond by making 41 00:01:44,004 --> 00:01:47,008 a significant change in software architecture. 42 00:01:47,008 --> 00:01:50,009 Finally, organizations may need to adapt their 43 00:01:50,009 --> 00:01:53,005 operational processes based upon the results 44 00:01:53,005 --> 00:01:55,001 of threat models. 45 00:01:55,001 --> 00:01:58,007 For example, if an organization is repeatedly stung 46 00:01:58,007 --> 00:02:01,006 by attackers using an automated direct deposit 47 00:02:01,006 --> 00:02:03,003 payroll change form, 48 00:02:03,003 --> 00:02:05,005 the organization should of course 49 00:02:05,005 --> 00:02:08,000 consider technical changes to that form 50 00:02:08,000 --> 00:02:09,008 to make it more secure. 51 00:02:09,008 --> 00:02:11,005 But, at the same time, 52 00:02:11,005 --> 00:02:14,002 they might also change their business practices 53 00:02:14,002 --> 00:02:16,002 to require that the payroll department 54 00:02:16,002 --> 00:02:19,002 call to confirm direct deposit changes 55 00:02:19,002 --> 00:02:23,003 with the employee before relying upon the new information. 56 00:02:23,003 --> 00:02:26,002 These are three examples of how organizations might 57 00:02:26,002 --> 00:02:30,003 adapt their technology and processes to remediate threats. 58 00:02:30,003 --> 00:02:32,001 The important lesson to take away 59 00:02:32,001 --> 00:02:34,005 is that threat modeling should inform the rest 60 00:02:34,005 --> 00:02:36,002 of the security program, 61 00:02:36,002 --> 00:02:38,002 and the results of threat models 62 00:02:38,002 --> 00:02:40,001 may require adjustments to the way 63 00:02:40,001 --> 00:02:42,000 the organization does business.