Write Out Discussion
The paper gives an overview of two threat models, STRIDE and PASTA. The threat modeling process optimizes the security of a system by identifying its objectives and vulnerabilities (Mc Grath, 2013). Security measures are then defined to control the effects of threats on the system. The acronym STRIDE stands for spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege. An example of spoofing is a case where an individual hacks the usernames and passwords of other persons. Tampering involves the alteration of data stored in the database. Repudiation, on the other hand, refers to the situation where an individual carries out illegal transactions that cannot be tracked. Information disclosure refers to the exposure of information to people who are not authorized to access it. Denial of service is the state where users are denied some services. Finally, elevation of privilege can lead to users destroying the entire system. PASTA stands for the Process for Attack Simulation and Threat Analysis (Mc Grath, 2013).
STRIDE relies on data flow diagrams (DFDs), which represent the system graphically. The DFDs capture the flow, storage, and processing of data, and the interactions considered when threats are incorporated into the model (UcedaVelez & Morana, 2015). Each component of the STRIDE model is applied in its own way, and the outcome is determined. The PASTA model, on the other hand, applies seven steps that align business goals and objectives with technical requirements and business analysis. Therefore, DFDs are rarely used in this case. An individual applying the STRIDE model should begin by considering and analyzing each threat and its impact on the entire model.
Considering the interrelationships and connections between threats helps an individual determine where each threat falls within the steps of the STRIDE model. A person should write down all the threats observed for proper analysis. PASTA, on the other hand, requires a person to understand all the business objectives, the security objectives, and the requirements that affect the business. Where an individual needs to present diagrams and DFDs, the Microsoft procedure must be in place (UcedaVelez & Morana, 2015). The PASTA model allows a user to analyze threats from an attacker's viewpoint, using attack trees and attack surfaces to see how an attack can be initiated. Finally, the quantity and quality of the business risks are determined in the PASTA model. In the STRIDE model, on the other hand, the components are fundamental and need to be decomposed well at each step for a fruitful analysis of the threats.
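The STRIDE procedure described above (decompose the DFD into its elements, then write down every threat to analyze) is illustrated here as an added Python example that is not part of the original paper. The applicability table follows the commonly used STRIDE-per-element chart, which the paper does not give, and the sample DFD and its element names are constructed.

```python
from dataclasses import dataclass

# STRIDE categories keyed by their initial letter.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Assumption: STRIDE-per-element chart (not stated in the paper).
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TID",
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    holds_logs: bool = False  # repudiation applies to stores that keep audit logs

def enumerate_threats(elements):
    """Return (element name, STRIDE category) pairs that need analysis."""
    threats = []
    for el in elements:
        if el.kind not in APPLICABLE:
            raise ValueError(f"unknown DFD element kind: {el.kind!r}")
        letters = APPLICABLE[el.kind]
        if el.kind == "data_store" and el.holds_logs:
            letters = "TRID"
        threats.extend((el.name, STRIDE[c]) for c in letters)
    return threats

# Constructed sample DFD for a login feature.
SAMPLE_DFD = [
    Element("Customer", "external_entity"),
    Element("Login service", "process"),
    Element("Credentials request", "data_flow"),
    Element("User database", "data_store"),
    Element("Audit log", "data_store", holds_logs=True),
]

if __name__ == "__main__":
    for name, category in enumerate_threats(SAMPLE_DFD):
        print(f"{name:20} {category}")
```

Each pair in the output is one row of the threat list: the analyst records whether it applies, its impact, and the control that addresses it.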
The STRIDE and PASTA models are similar in that, at the end, an elevation of risks and a business analysis are evident. Both models require serious decision makers who are involved in the entire process to link vulnerabilities to management and indicate their relevance to the business. DFDs are applicable, but the PASTA model needs backup from the Microsoft process. Lastly, aligning objectives is important in both models.
Conclusion
Threat models require a visual illustration of their use during the analysis. Different elements are decomposed depending on the model used. The identification and enumeration of probable threats and techniques work better when the data is presented visually. Both models deal with risk identification, but they prioritize and enumerate the risks differently because they are used differently. Analyzing risks is an important procedure that requires individuals to select the best method.
References
Mc Grath, M. (2013). Threat modeling for legacy enterprise applications.
UcedaVelez, T., & Morana, M. M. (2015). Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis. John Wiley & Sons.