Asset-centric threat modelling

Asset-centric threat modelling is a natural step after adversary-centric threat modelling and predominately internally focused on the impact of a compromise. The desired output is a prioritized list of threats, which can then be further examined to assess impact. This approach asks questions for which we partly have an answer having used adversary-centric threat modelling first:

  • What assets require protection?
  • What level of protection is required?
  • How might an asset be compromised?
  • What is the impact if protection fails?

Asset-centric approaches to threat modelling use attack trees, attack graphs, or visually illustrate patterns by which an asset can be attacked. Security professionals often argue that such approaches to threat modelling can be classified as the result of a software-centric design approach, but it can also be used together with decision analysis for security improvements.

Attack trees provide a graphical representation of how attacks might succeed and allow a probabilistic analysis on which attacks are most likely to succeed. They are a great brainstorm tool, accessible and easy to use for non-techies and allow people to play the part of the adversary. And they can be shared and collected (and regularly updated when new information becomes available).