Threat Modeling using MBSE Overview (Briefing Charts)

Abstract

Threat modeling helps to identify the mission-critical security requirements of a system or process in order to protect the system. The goal of this training is to inform the participants of threat modeling concepts and to work through example threat modelling scenarios. The training will use the SEI Program Independent Model (PIM) to describe assurance cases and workflows for use in threat modelling tasks. The training will include: Review assurance case concepts and terminology, Introduce threat modeling concepts and terminology, Work through generic threat model example (threats as defeaters), Brainstorming session to determine potential threats, Select threats to focus on (likelihood and impact) supported by data, Work through modeling a selection of identified threats. Subsequently, the SEI can facilitate Threat Modeling Workshops to identify program specific threats. Followed by incorporating the identified treats and corresponding mitigations into there system models.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 13, 2023
Accession Number
AD1195557

Entities

People

  • Timothy A. Chick

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Additive Manufacturing
  • Code Injection
  • Computer Programs
  • Control Systems
  • Cyberattacks
  • Cybersecurity
  • Denial Of Service Attack
  • Engineering
  • Engineers
  • Insider Threats
  • Organizational Structure
  • Reliability
  • Reliability Engineering
  • Software Assurance
  • Software Development
  • Systems Engineering
  • Vulnerability

Fields of Study

  • Engineering

Readers

  • Artificial Intelligence
  • Critical Infrastructure Protection in CBRN and WMD Threats.
  • Software Engineering.