Sunday, April 5, 2015

Incorporating Threat Modeling Into the Security Systems Development Life Cycle (Week 4)



For the past few weeks I have been studying threat modeling and developing my own process for identifying threats to a system or application.  While revising my initial threat model it occurred to me that threat modeling can, and probably should, be incorporated into the security systems development life cycle (SecSDLC).

The SecSDLC is conducted in phases, each dependent on the completion of the previous phase and on the information it produced.  The process consists of six phases: investigation, analysis, logical design, physical design, implementation, and maintenance.  Whitman and Mattord (2010) use a waterfall model to illustrate the process.


Identifying threats, and the risk they create, is among the primary goals of the SecSDLC process, and incorporating threat modeling into the SecSDLC would be an effective way to accomplish that goal.  So where in the SecSDLC process would threat modeling fit?

The analysis phase is where threats and attacks are analyzed to determine the effect they could have on a system and the services it provides.  It is therefore logical to conduct threat modeling before, or in conjunction with, the analysis phase of the SecSDLC process.  With threat modeling placed before or during the analysis phase, the process illustration can be altered slightly to one of the following:


The constantly changing threat landscape makes it challenging for organizations to develop and maintain controls that keep their risk exposure within bounds.  Incorporating threat modeling into the SecSDLC helps ensure that threats are reassessed regularly, so the organization maintains an accurate risk profile and can keep its risk mitigated to an acceptable level.
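As an added example (not from this post, and not from Whitman and Mattord), here is a small Python threat register that shows what feeding threat modeling into the analysis phase looks like in practice, and how the same register is re-run when the threat landscape changes.  The 1-to-5 likelihood and impact scales, the risk formula, the acceptable-risk threshold, the mitigation-effect figure and the sample threats are all assumptions made for illustration.

```python
"""Toy threat register that feeds the SecSDLC analysis phase.

Added example; not from the blog post or from Whitman & Mattord.
The scoring scales, the risk formula, the acceptable-risk threshold
and the sample threats are assumptions for illustration only.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Threat:
    asset: str
    description: str
    likelihood: int        # assumed scale: 1 (rare) .. 5 (almost certain)
    impact: int            # assumed scale: 1 (negligible) .. 5 (severe)
    mitigation: str = ""   # control already applied, if any
    # assumed: fraction of the likelihood the mitigation removes, 0.0 .. 1.0
    mitigation_effect: float = 0.0

    def inherent_risk(self) -> int:
        """Risk before any control is considered (assumed formula)."""
        return self.likelihood * self.impact

    def residual_risk(self) -> float:
        """Risk that remains once the mitigation is accounted for."""
        return self.likelihood * (1 - self.mitigation_effect) * self.impact


# Assumed threshold: anything strictly above this needs treatment in the
# design phases; anything at or below it is accepted.
ACCEPTABLE_RISK = 8.0


def analyze(threats):
    """Analysis-phase output: threats whose residual risk exceeds the
    acceptable level, highest first, so the design phases know what to treat."""
    open_items = [t for t in threats if t.residual_risk() > ACCEPTABLE_RISK]
    return sorted(open_items, key=lambda t: t.residual_risk(), reverse=True)


def reassess(threats, likelihood_updates):
    """Maintenance-phase step: re-run the model when the landscape changes.
    `likelihood_updates` maps a threat description to its new likelihood;
    threats not mentioned keep their previous score."""
    return [
        replace(t, likelihood=likelihood_updates.get(t.description, t.likelihood))
        for t in threats
    ]


# Constructed sample register for a web application (not real data).
REGISTER = [
    Threat("login service", "credential stuffing", 4, 4, "rate limiting + MFA", 0.75),
    Threat("customer database", "SQL injection", 3, 5, "parameterized queries", 0.9),
    Threat("admin console", "exposed to the internet without MFA", 3, 5),
    Threat("build server", "compromised third-party dependency", 2, 4),
]

if __name__ == "__main__":
    print("Open risk items from the analysis phase:")
    for t in analyze(REGISTER):
        print(f"  {t.asset}: {t.description} (residual {t.residual_risk():.1f})")

    # New intelligence raises the likelihood of the supply-chain threat;
    # re-running the model surfaces it without redoing the whole SecSDLC.
    updated = reassess(REGISTER, {"compromised third-party dependency": 4})
    print("After reassessment:")
    for t in analyze(updated):
        print(f"  {t.asset}: {t.description} (residual {t.residual_risk():.1f})")
```

Note that the build-server threat sits exactly at the threshold (2 x 4 = 8) and is accepted on the first pass; only the reassessment, which raises its likelihood, pushes it above the line.  The point is that the register, not a one-off document, is the artifact the analysis phase consumes, and it is cheap to re-run during maintenance.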

References

Whitman, M., & Mattord, H. (2010). Management of information security (3rd ed.). Boston, MA: Course Technology Cengage Learning.



1 comment:

  1. I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.
    Security Systems
