Threat Modeling for Enterprise Cybersecurity Architecture

2022 Systems and Information Engineering Design Symposium (SIEDS) Pub Date : 2022-04-28 DOI:10.1109/sieds55548.2022.9799322

Branko Bokan, Joost Santos

{"title":"Threat Modeling for Enterprise Cybersecurity Architecture","authors":"Branko Bokan, Joost Santos","doi":"10.1109/sieds55548.2022.9799322","DOIUrl":null,"url":null,"abstract":"The traditional threat modeling methodologies work well on a small scale, when evaluating targets such as a data field, a software application, or a system component–but they do not allow for comprehensive evaluation of an entire enterprise architecture. They also do not enumerate and consider a comprehensive set of actual threat actions observed in the wild. Because of the lack of adequate threat modeling methodologies for determining cybersecurity protection needs on an enterprise scale, cybersecurity executives and decision makers have traditionally relied upon marketing pressure as the main input into decision making for investments in cybersecurity capabilities (tools). A new methodology, originally developed by the Department of Defense then further expanded by the Department of Homeland Security, for the first time allows for a threat-based, end-to-end evaluation of cybersecurity architectures and determination of gaps or areas in need of future investments. Although in the public domain, this methodology has not been used outside of the federal government. This paper examines the new threat modeling approach that allows organizations to look at their cybersecurity protections from the standpoint of an adversary. The methodology enumerates threat actions that have been observed in the wild using a cyber threat framework and scores cybersecurity architectural capabilities for their ability to protect, detect, and recover from each threat action. The results of the analysis form a matrix called capability coverage map that visually represents the coverage, gaps, and overlaps against threat actions. The threat actions can be further prioritized using a threat heat map – a visual representation of the prevalence and maneuverability of threat actions that can be overlaid on top of a coverage map. The paper discusses the new threat modeling methodology and proposes future research with a goal to establish a decision-making framework for selecting cybersecurity architectural capability portfolios that maximize protections against known cybersecurity threats.","PeriodicalId":286724,"journal":{"name":"2022 Systems and Information Engineering Design Symposium (SIEDS)","volume":"273 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-04-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Systems and Information Engineering Design Symposium (SIEDS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/sieds55548.2022.9799322","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

The traditional threat modeling methodologies work well on a small scale, when evaluating targets such as a data field, a software application, or a system component–but they do not allow for comprehensive evaluation of an entire enterprise architecture. They also do not enumerate and consider a comprehensive set of actual threat actions observed in the wild. Because of the lack of adequate threat modeling methodologies for determining cybersecurity protection needs on an enterprise scale, cybersecurity executives and decision makers have traditionally relied upon marketing pressure as the main input into decision making for investments in cybersecurity capabilities (tools). A new methodology, originally developed by the Department of Defense then further expanded by the Department of Homeland Security, for the first time allows for a threat-based, end-to-end evaluation of cybersecurity architectures and determination of gaps or areas in need of future investments. Although in the public domain, this methodology has not been used outside of the federal government. This paper examines the new threat modeling approach that allows organizations to look at their cybersecurity protections from the standpoint of an adversary. The methodology enumerates threat actions that have been observed in the wild using a cyber threat framework and scores cybersecurity architectural capabilities for their ability to protect, detect, and recover from each threat action. The results of the analysis form a matrix called capability coverage map that visually represents the coverage, gaps, and overlaps against threat actions. The threat actions can be further prioritized using a threat heat map – a visual representation of the prevalence and maneuverability of threat actions that can be overlaid on top of a coverage map. The paper discusses the new threat modeling methodology and proposes future research with a goal to establish a decision-making framework for selecting cybersecurity architectural capability portfolios that maximize protections against known cybersecurity threats.

查看原文本刊更多论文

面向企业网络安全架构的威胁建模

当评估数据字段、软件应用程序或系统组件等目标时，传统的威胁建模方法在小范围内工作得很好，但是它们不允许对整个企业架构进行全面评估。他们也没有列举和考虑在野外观察到的一套全面的实际威胁行为。由于缺乏足够的威胁建模方法来确定企业规模的网络安全保护需求，网络安全高管和决策者传统上依赖于营销压力作为网络安全能力(工具)投资决策的主要输入。一种新方法最初由国防部开发，随后由国土安全部进一步扩展，首次允许对网络安全架构进行基于威胁的端到端评估，并确定需要未来投资的差距或领域。尽管在公共领域，这种方法还没有在联邦政府之外使用。本文研究了新的威胁建模方法，该方法允许组织从对手的角度来看待他们的网络安全保护。该方法列举了使用网络威胁框架在野外观察到的威胁行为，并对网络安全架构功能的保护、检测和从每个威胁行为中恢复的能力进行评分。分析的结果形成一个称为能力覆盖图的矩阵，可视化地表示针对威胁行动的覆盖、缺口和重叠。可以使用威胁热图进一步确定威胁行动的优先级——威胁行动的流行程度和可操作性的可视化表示，可以覆盖在覆盖图上。本文讨论了新的威胁建模方法，并提出了未来的研究目标，以建立一个决策框架，以选择网络安全架构能力组合，最大限度地保护已知的网络安全威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 Systems and Information Engineering Design Symposium (SIEDS)

自引率

0.00%

发文量