IT Graduate Certificate in Information Security and Assurance


Course Description


(4) IT 6832 Threat Modeling


Course Description: This course discusses a structured approach for identifying, evaluating, and mitigating risks to system security. Topics include how to use the threat modeling methodology to analyze information systems from the adversary’s point of view, creating a set of data points that help drive security specifications and testing, how to use threat modeling to help improve the built-in security features of a system and increase customer confidence in the products, and how to integrate threat modeling into system development efforts.


Course Prerequisites: IT 6001 Introduction to Information Security, or IT 6823 Information Security Concepts and Administration


Course Outline:

Introduction to Application Security

·    Historical perspective: Setting the stage for threat modeling

·    Code reviews during design and implementation

·    Why application security is critical to business

·    The application security life cycle

·    Elements of application security

·    Roles in application security

Why Threat Modeling?

·    Defining threat modeling

·    Examining the threat modeling process

·    Organizing a threat model

How an Adversary Sees an Application

·    The adversary’s goals

·    Principles of the data flow approach

·    Analyzing entry points

·    Determining which assets are of interest

·    Trust levels

Constraining and Modeling the Application

·    Gathering relevant background information

·    Modeling the application through data flow diagrams

The Threat Profiles

·    Identifying threats

·    Investigating threats with threat trees

·    Vulnerability resolution and mitigation

Choosing What to Model

·    Creating feature-level threat models

·    Creating application-level threat models

·    Knowing when a threat model is finished

·    Questions threat model teams should pose

Testing Based on a Threat Model

·    The benefits and shortcomings of security testing

·    Using threat models to drive security testing

·    Characterizing the application’s security risk

Making Threat Modeling Work

·    Planning and documenting

·    Scheduling and determining costs

·    Revisiting the threat model

·    Managing the threat modeling process

Sample Threat Models

·    Fabrikam Phone 1.0

·    Humongous Insurance Price Quote Website

·    A Datum Access Control API