Enterprise Threat Model Technical Report: Cyber Threat Model for a Notional Financial Services Sector Institution
Abstract
The Homeland Security Systems Engineering and Development Institute (HSSEDI) assists the Department of Homeland Security (DHS) Science and Technology Directorate (S and T) in the execution of the Next Generation Cyber Infrastructure (NGCI) Apex program. HSSEDI is developing an integrated suite of cyber threat models for Financial Services Sector (FSS) institutions. The NGCI Apex program will use threat modeling and cyber wargaming to inform the development and evaluation of risk metrics, technology foraging, and the evaluation of how identified technologies could decrease risks. HSSEDI previously developed and populated a high-level framework and threat model tailored to the FSS, as well as an expanded, more detailed threat model. This technical report describes the use of the previously developed extended threat model at the institution level reflecting attacker methods at a level relevant to implementation. This report applies the expanded threat model at the enterprise level. It describes a representative notional FSS institution, identifies where in its enterprise architecture the threat events from the high-level threat model are applicable, and uses a specific scenario to illustrate the use of detailed threat event information.
Document Details
- Document Type
- Technical Report
- Publication Date
- May 02, 2018
- Accession Number
- AD1108069
Entities
People
- Catherine D. Mccollum
- Clement W. Skorupka
- David B. Fox
- Eric I. Arnoth
Organizations
- Homeland Security Systems Engineering and Development Institute
- MITRE Corporation