🍡Threat Modelling & Incident Response

Threat modelling is the process of reviewing, improving, and testing security protocols.

Very similar to risk assessment: Reviews > Identification > Preparation > Mitigations

STRIDE framework - Spoofing identity, tampering with data, repudiation threats, information disclosure, denial of service, elevation of privileges

STRIDE framework table (Principle - Description)

Spoofing - a malicious party falsely identifying themselves; access keys (API keys) and signatures via encryption alleviate this threat
Tampering - making sure the data stays intact (its integrity is preserved)
Repudiation - logging system activity, so that actions can be attributed and not denied later
Information Disclosure - applications that handle the information of multiple users need to be configured to only show each user the information they are entitled to see
Denial of Service - applications and services use up system resources, so they should have measures put in place so that abuse of these applications won't bring the entire system down
Elevation of Privilege - worst case scenario, with someone being able to escalate their privilege to that of an administrator
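As an added example (not part of the original notes) of how the Tampering and Repudiation mitigations above look in code: each audit-log entry is tagged with an HMAC that also covers the previous entry's tag, so rewriting, inserting or deleting an earlier entry breaks verification. The key, log entries and function names are constructed for this demo.

```python
import hashlib
import hmac
import json

# Constructed demo key only; a real deployment keeps it in a KMS/HSM, not in the log writer's code.
LOG_KEY = b"demo-only-audit-key"
GENESIS = "0" * 64


def _tag(prev_tag, seq, actor, action):
    """HMAC over the previous tag plus this entry's canonical JSON body."""
    body = json.dumps({"seq": seq, "actor": actor, "action": action}, sort_keys=True)
    return hmac.new(LOG_KEY, (prev_tag + body).encode(), hashlib.sha256).hexdigest()


def append_entry(chain, actor, action):
    """Append one audit entry; its tag covers the previous tag, so every later tag depends on it."""
    seq = len(chain)
    prev_tag = chain[-1]["tag"] if chain else GENESIS
    chain.append({"seq": seq, "actor": actor, "action": action, "tag": _tag(prev_tag, seq, actor, action)})
    return chain


def verify_chain(chain):
    """Recompute every tag from the genesis value.

    Returns (True, None) or (False, index of the first bad entry). Edits, insertions and
    deletions in the middle are detected; truncation of the tail is only caught if the latest
    tag is also anchored somewhere the log writer cannot overwrite (e.g. a separate system).
    """
    prev_tag = GENESIS
    for index, entry in enumerate(chain):
        expected = _tag(prev_tag, entry["seq"], entry["actor"], entry["action"])
        if entry["seq"] != index or not hmac.compare_digest(expected, entry["tag"]):
            return False, index
        prev_tag = entry["tag"]
    return True, None


def demo():
    """Build a short log, then rewrite who performed an action and show the chain rejects it."""
    chain = []
    append_entry(chain, "alice", "login")
    append_entry(chain, "alice", "download report.pdf")
    append_entry(chain, "alice", "logout")
    clean = verify_chain(chain)
    chain[1]["actor"] = "bob"  # attempted repudiation: blame someone else for the download
    return clean, verify_chain(chain)
```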

CSIRT framework - Computer Security Incident Response Team, a prearranged group of employees with technical knowledge about the systems and the incident

CSIRT framework table (Action - Description)

Preparation - making sure there are enough resources to deal with the incident
Identification - have the threat and the threat actor been correctly identified?
Containment - can the threat/incident be contained?
Eradication - remove the active threat
Recovery - perform a full review of the impacted systems
Lessons Learned - what can be learned from the incident, and steps moving forward
