Helps an Organization to identify threats, attacks, vulnerabilities and countermeasures.

Threat Modelling is a proactive security holistic view of commonly a project, or can be altered for the entire organization to get an understanding of the threats.

This work involves taking the following inputs:

Business stakeholder – Revenues streams, Organizational structures, Strategy, Business Risk appetite.

• IT – Business critical systems, Technology, IT and data Assets, Policies and procedures.
• Security Maturity – Capability, Security in situ, Objectives and Security Risk Appetite.
• Threats – Threat Actors, Risk, Impact, Motivation, sector and specific threats.

Using these inputs we would be able to provide the following outputs:

• Calculate the risk to the assets and ensure business and IT security risks are aligned.
• Identify mitigation and controls to address the risks.
• Validate the controls for residual risks.

Duration:

This is a lengthy and complex process depending on the organization.

Expected Outcome:

A detailed report on the threats, attacks, vulnerabilities and countermeasures to a Project or the Organization.