Uploaded on Oct 31, 2022
An experienced threat response consultant would rely on STRIDE cyber threat modeling methodology from the get-go. This threat model is the brainchild of engineers at Microsoft. One of the compelling upsides of this threat model is its ability to evaluate individual systems. Website: https://www.fncyber.com/threat-response-engineering
Threat Modelling Methodologies
Benefits of Cyber Threat Modeling at a Glance
● It allows CTOs to protect their enterprise in the digital realm.
● Essential resources are redirected so that cyber security experts can keep their enterprise protected.
● Cyber threat mitigation plans are prepared on priority in a bid to ensure that cyber security solutions can be readily implemented.
● It allows CTOs to ensure that defense mechanisms are periodically updated, in line with ever-evolving cyber threats.
● Security vulnerabilities in proprietary software are patched on time before they can be exploited by cybercriminals.
STRIDE Threat Modeling
An experienced threat response consultant would rely on STRIDE cyber threat modeling methodology from the get-go. This threat model is the brainchild of engineers at Microsoft. One of the compelling upsides of this threat model is its ability to evaluate individual systems.
STRIDE can be used to detect threats such as:
● Spoofing — users or programs that pretend to be something or someone they are not.
● Tampering — a modified section of source code in a website or app that can be used as a backdoor to gain illegal access.
● Repudiation — instances when threat events go unnoticed.
● Information disclosure — in the form of leaked or exposed business-critical data.
● Denial of service (DoS) — where a website crashes and becomes unavailable for business use due to online traffic overload from spam sources.
● Elevation of privilege — where cybercriminals give themselves admin-level clearance to a system of an enterprise and carry out a full-blown cyber attack.
PASTA Cyber Threat Modeling Methodology
As per the spokesperson of a revered provider of cyber security consulting services, PASTA is yet another revered cyber threat modeling methodology.
PASTA is the abbreviation for Process for Attack Simulation and Threat Analysis. It is a cyber attacker-centric methodology that entails seven steps.
The steps are as follows:
● The business objectives are first defined.
● The next step is defining the technical scope of components and assets.
● The next step is the decomposition of the affected application and identifying its set of controls that have been compromised.
● The following step is the analysis of threat(s), which is based on threat intelligence.
● After that, the affected software or sections in the affected IT infrastructure will be scanned for vulnerabilities.
● Following that, detailed modeling of the attack will commence.
● Then a risk analysis will commence, followed by the development of countermeasures.
CVSS Threat Modeling Methodology
CVSS stands for Common Vulnerability Scoring System. It is a standardized cyber threat scoring system. It allows a cyber security expert to assign scores to known cyber threats.
This system entails a design that allows cyber security experts to:
● Run threat assessments
● Apply and assess threat intelligence
● Identify the impact of a cyber-attack and
● Identify the countermeasures that are being used by an enterprise against incoming threats in real-time.
Cyber resilience should be the norm in small, medium and large-scale enterprises. Cyber threats have exacted a heavy toll on the online community, posing a constant fear of breaches of sensitive data. Threat modelling means taking a step back, assessing your organization’s digital and network assets, identifying weak spots, determining what threats exist, and developing plans to protect or recover. The best results can only be achieved by hiring a third party that excels in offering cybersecurity solutions.