An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges

Nitin Naik; Paul Jenkins; Paul Grace; Dishita Naik; Shaligram Prajapat; Jingping Song

doi:10.1007/978-3-031-74443-3_15

An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges

Nitin Naik^*
, Paul Jenkins
, Paul Grace
, Dishita Naik
, Shaligram Prajapat
, Jingping Song

^*Awdur cyfatebol y gwaith hwn

Ysgol Dechnolegau Caerdydd

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Cyfraniad mewn cynhadledd › adolygiad gan gymheiriaid

Crynodeb

The proliferation of cybersecurity threats is posing substantial security risks to organisations; therefore, it requires robust countermeasures and defence mechanisms for organisational IT systems, applications and data. Threat modelling is a process of identifying, analysing, prioritising and mitigating threats and their associated vulnerabilities in a system or network. Understanding the threat modelling process, as well as its benefits and limitations, whilst selecting an appropriate threat modelling method that may assist cybersecurity experts in their comprehensive security assessments. The assessments are designed to uncover security gaps and potential threats, to develop robust countermeasures against these potential threats and strengthening the security of organisational IT systems, applications and data. This paper will present a comprehensive study concerning threat modelling including the phases involved in threat modelling, types of threat models and benefits and challenges of threat modelling. Therefore, this comprehensive study concerning threat modelling will simplify the essential terminologies of threat modelling to users in a clear and concise manner.

Iaith wreiddiol	Saesneg
Teitl	Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024
Golygyddion	Nitin Naik, Paul Grace, Paul Jenkins, Shaligram Prajapat
Cyhoeddwr	Springer Science and Business Media Deutschland GmbH
Tudalennau	260-270
Nifer y tudalennau	11
ISBN (Argraffiad)	9783031744426
Dynodwyr Gwrthrych Digidol (DOIs)	https://doi.org/10.1007/978-3-031-74443-3_15
Statws	Cyhoeddwyd - 20 Rhag 2024
Digwyddiad	International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024 - London, Y Deyrnas Unedig Hyd: 3 Gorff 2024 → 4 Gorff 2024

Cyfres gyhoeddiadau

Enw	Lecture Notes in Networks and Systems
Cyfrol	884 LNNS
ISSN (Argraffiad)	2367-3370
ISSN (Electronig)	2367-3389

Cynhadledd

Cynhadledd	International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024
Gwlad/Tiriogaeth	Y Deyrnas Unedig
Dinas	London
Cyfnod	3/07/24 → 4/07/24

Mynediad at Ddogfen

10.1007/978-3-031-74443-3_15

Ffeiliau eraill a chysylltiadau

Dolen i’r cyhoeddiad yn Scopus

Dyfynnu hyn

Naik, N., Jenkins, P., Grace, P., Naik, D., Prajapat, S., & Song, J. (2024). An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges. Yn N. Naik, P. Grace, P. Jenkins, & S. Prajapat (Gol.), Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024 (tt. 260-270). (Lecture Notes in Networks and Systems; Cyfrol 884 LNNS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-74443-3_15

Naik, Nitin ; Jenkins, Paul ; Grace, Paul et al. / An Introduction to Threat Modelling : Modelling Steps, Model Types, Benefits and Challenges. Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024. Gol. / Nitin Naik ; Paul Grace ; Paul Jenkins ; Shaligram Prajapat. Springer Science and Business Media Deutschland GmbH, 2024. tt. 260-270 (Lecture Notes in Networks and Systems).

@inproceedings{f15f297d04c4448491a5dec3fa508656,

title = "An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges",

abstract = "The proliferation of cybersecurity threats is posing substantial security risks to organisations; therefore, it requires robust countermeasures and defence mechanisms for organisational IT systems, applications and data. Threat modelling is a process of identifying, analysing, prioritising and mitigating threats and their associated vulnerabilities in a system or network. Understanding the threat modelling process, as well as its benefits and limitations, whilst selecting an appropriate threat modelling method that may assist cybersecurity experts in their comprehensive security assessments. The assessments are designed to uncover security gaps and potential threats, to develop robust countermeasures against these potential threats and strengthening the security of organisational IT systems, applications and data. This paper will present a comprehensive study concerning threat modelling including the phases involved in threat modelling, types of threat models and benefits and challenges of threat modelling. Therefore, this comprehensive study concerning threat modelling will simplify the essential terminologies of threat modelling to users in a clear and concise manner.",

keywords = "Cyber Threat, Cyberattack, Cyberthreat, DREAD Model, LINDDUN Model, OCTAVE Model, PASTA Model, STRIDE Model, Threat Modelling, Threat Models, VAST Model",

author = "Nitin Naik and Paul Jenkins and Paul Grace and Dishita Naik and Shaligram Prajapat and Jingping Song",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.; International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024 ; Conference date: 03-07-2024 Through 04-07-2024",

year = "2024",

month = dec,

day = "20",

doi = "10.1007/978-3-031-74443-3\_15",

language = "English",

isbn = "9783031744426",

series = "Lecture Notes in Networks and Systems",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "260--270",

editor = "Nitin Naik and Paul Grace and Paul Jenkins and Shaligram Prajapat",

booktitle = "Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024",

}

Naik, N, Jenkins, P, Grace, P, Naik, D, Prajapat, S & Song, J 2024, An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges. yn N Naik, P Grace, P Jenkins & S Prajapat (gol.), Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024. Lecture Notes in Networks and Systems, cyfrol. 884 LNNS, Springer Science and Business Media Deutschland GmbH, tt. 260-270, International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024, London, Y Deyrnas Unedig, 3/07/24. https://doi.org/10.1007/978-3-031-74443-3_15

An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges. / Naik, Nitin; Jenkins, Paul; Grace, Paul et al.
Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024. gol. / Nitin Naik; Paul Grace; Paul Jenkins; Shaligram Prajapat. Springer Science and Business Media Deutschland GmbH, 2024. t. 260-270 (Lecture Notes in Networks and Systems; Cyfrol 884 LNNS).

Allbwn ymchwil: Pennod mewn Llyfr/Adroddiad/Trafodion Cynhadledd › Cyfraniad mewn cynhadledd › adolygiad gan gymheiriaid

TY - GEN

T1 - An Introduction to Threat Modelling

T2 - International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024

AU - Naik, Nitin

AU - Jenkins, Paul

AU - Grace, Paul

AU - Naik, Dishita

AU - Prajapat, Shaligram

AU - Song, Jingping

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

PY - 2024/12/20

Y1 - 2024/12/20

N2 - The proliferation of cybersecurity threats is posing substantial security risks to organisations; therefore, it requires robust countermeasures and defence mechanisms for organisational IT systems, applications and data. Threat modelling is a process of identifying, analysing, prioritising and mitigating threats and their associated vulnerabilities in a system or network. Understanding the threat modelling process, as well as its benefits and limitations, whilst selecting an appropriate threat modelling method that may assist cybersecurity experts in their comprehensive security assessments. The assessments are designed to uncover security gaps and potential threats, to develop robust countermeasures against these potential threats and strengthening the security of organisational IT systems, applications and data. This paper will present a comprehensive study concerning threat modelling including the phases involved in threat modelling, types of threat models and benefits and challenges of threat modelling. Therefore, this comprehensive study concerning threat modelling will simplify the essential terminologies of threat modelling to users in a clear and concise manner.

AB - The proliferation of cybersecurity threats is posing substantial security risks to organisations; therefore, it requires robust countermeasures and defence mechanisms for organisational IT systems, applications and data. Threat modelling is a process of identifying, analysing, prioritising and mitigating threats and their associated vulnerabilities in a system or network. Understanding the threat modelling process, as well as its benefits and limitations, whilst selecting an appropriate threat modelling method that may assist cybersecurity experts in their comprehensive security assessments. The assessments are designed to uncover security gaps and potential threats, to develop robust countermeasures against these potential threats and strengthening the security of organisational IT systems, applications and data. This paper will present a comprehensive study concerning threat modelling including the phases involved in threat modelling, types of threat models and benefits and challenges of threat modelling. Therefore, this comprehensive study concerning threat modelling will simplify the essential terminologies of threat modelling to users in a clear and concise manner.

KW - Cyber Threat

KW - Cyberattack

KW - Cyberthreat

KW - DREAD Model

KW - LINDDUN Model

KW - OCTAVE Model

KW - PASTA Model

KW - STRIDE Model

KW - Threat Modelling

KW - Threat Models

KW - VAST Model

UR - https://www.scopus.com/pages/publications/85214231872

U2 - 10.1007/978-3-031-74443-3_15

DO - 10.1007/978-3-031-74443-3_15

M3 - Conference contribution

AN - SCOPUS:85214231872

SN - 9783031744426

T3 - Lecture Notes in Networks and Systems

SP - 260

EP - 270

BT - Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024

A2 - Naik, Nitin

A2 - Grace, Paul

A2 - Jenkins, Paul

A2 - Prajapat, Shaligram

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 3 July 2024 through 4 July 2024

ER -

Naik N, Jenkins P, Grace P, Naik D, Prajapat S, Song J. An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges. Yn Naik N, Grace P, Jenkins P, Prajapat S, golygyddion, Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024. Springer Science and Business Media Deutschland GmbH. 2024. t. 260-270. (Lecture Notes in Networks and Systems). doi: 10.1007/978-3-031-74443-3_15