A single, authoritative and flexible tool for Threat Modeling

April 25, 2020 — Leave a comment

In the previous article, we have discussed how various roles have entirely different needs, and we have left with a question: could a single tool address them all?

We have already understood that a single tool is the way to go because it would represent a single source of truth. It is of utter importance to manage essential topics like those related to Security risks through an authoritative source of truth. Let’s be clear: this doesn’t mean that you should not use your favored Issue Tracking software. On the contrary, as we have seen for Elliot, our resident Project Manager, we do expect advanced Threat Modeling tools to integrate with Issues Tracking applications and any other software that is already used by your organization. No, what it does mean, is that we need the Threat Modeling tool to become the authoritative source of truth for the organization for everything related to the Security risks of the covered scenarios. From that point of view, the integrations would allow the Threat Modeling tool to get and provide information to the tools already in use for the organization, which would be somewhat augmented and enriched by this integration.

Still, we need to have a unique place where we could return to understand the security of the various solutions managed by the organization, the impact of changes, the current risk represented for the organization, and how the said risk will change over time per effect of the planned mitigation activities. We cannot rely on many different tools to get this result because they may have synchronization issues, and it would be difficult to get a coherent vision out of them.

But how to achieve this result? Most traditional Threat Modeling tools cover the needs of the Threat Modelers first, and then they may potentially have more advanced features to help them communicate with other roles. We do not need this anymore. We need much more than that: Threat Modeling needs to grow from being a simple process to understand the security risks, to fulfill its potential of being the central process for Risk Management.

The point is to make Threat Modeling more useful for everyone, respecting each one’s requirements, without sacrificing the experience of security experts or other roles. We need to grow the process so that it provides value through the whole software lifecycle.

The central concept to achieve this goal is to adopt different specialized views over the same source of truth. As a result, the expert Threat Modeler would have access to very advanced tools to increase her effectiveness and efficiency. At the same time, the beginner would get a more guided experience, hiding the most advanced functionalities. A simplified implementation of this approach would be to have multiple levels: for example, one for the expert, one for the beginner, one for the Project Manager or Product Owner, and one for the Business Decision-Maker. Each one of those levels would hide more and more functionalities, to simplify the experience.

Would that be enough? I do not think so: turning off features is not equivalent to provide specialized views. Not only Business Decision-Makers would be better off with a simplified interface, but they would also need specific tools, for example to keep track of their decisions related to exception management.

If you think about it, exception management represents a very peculiar feature, characterized the assignment of more capabilities to the Business Decision-Maker than to the Threat Modelers. In most cases, the vice-versa would instead happen. Is this an isolated case? Quite frankly, I am not sure. There is still a lot to be understood about the potential scenarios which we need to cover.

But that much is clear: Threat Modeling has a vital role to play, and we have just started to get a glimpse of its possibilities. It is our responsibility to fulfill its promises.

We are at the end of this post. And for a while, we will stop our discussion of Threat Modeling future, to shift the focus to another urgent topic: how can you be a better Threat Modeler? If you are a faithful reader of those pages, you’ll recall that we have started talking about Quality for Threat Models and other topics around our beloved security practice, but knowing the technicalities is not enough. So, since next week we will start introducing the skills you need to exercise to be a capable Threat Modeler and produce high-quality Threat Models.

For now, stay safe and happy Threat Modeling!

No Comments

Be the first to start the conversation!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.