Cyber Threat Modeling: Survey, Assessment, and Representative Framework
Abstract
This report provides a survey of cyber threat modeling frameworks, presents a comparative assessment of the surveyed frameworks, and extends an existing framework to serve as a basis for cyber threat modeling for a variety of purposes. The Department of Homeland Security (DHS) Science and Technology Directorate (S and T) Next Generation Cyber Infrastructure (NGCI) Apex program will use threat modeling and cyber wargaming to inform the development and evaluation of risk metrics, technology foraging, and the evaluation of how identified technologies could decrease risks. A key finding of the assessment was that no existing framework or model was sufficient to meet the needs of the NGCI Apex program. Therefore, this paper also presents a threat modeling framework for the NGCI Apex program, with initial population of that framework. The survey, assessment, and framework as initially populated are general enough to be used by medium-to-large organizations in critical infrastructure sectors, particularly in the Financial Services Sector, seeking to ensure that cybersecurity and resilience efforts consider cyber threats in a rigorous, repeatable way.
Document Details
- Document Type
- Technical Report
- Publication Date
- Apr 07, 2018
- Accession Number
- AD1108051
Entities
People
- Catherine D. Mccollum
- David B. Fox
- Deborah J. Bodeau
Organizations
- MITRE Corporation