Condensed Process

Note

This Condensed Process should only be used if your team has limited time to conduct threat modeling (days instead of weeks). Before using, please review Questions 1 through 4 of the uncondensed process.

Question 1: What are we working on?

Data Flow Diagram Outline

Develop a top-level Data Flow Diagram (DFD) for your system

Identify critical components and dataflows that, when impacted, would result in mission failure

Question 2: What could go wrong?

Attack Tree Outline

Analyze your DFD using a structured brainstorming technique (Attack Tree, STRIDE, etc.)

Brainstorm ATT&CK TTPs that could be used to attack the critical components within your DFD

You can gather ideas from TTPs previously used against your tech platform – see the ATT&CK matrix and select by platform or use the Center’s Top ATT&CK Techniques Calculator.

Once you’ve got your list of brainstormed TTPs, search through your existing security stack for its ability to defend against them.

Question 3: What are we going to do about it?

Implement the mitigations listed within the ATT&CK page for each brainstormed TTP

ATT&CK Mitigations Outline

OR

Implement the NIST 800-53 controls for each brainstormed TTP using the MITRE Engenuity Mappings Explorer

Mappings Explorer Outline
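
The gap check at the end of Question 2 and the ATT&CK-mitigation option of Question 3 can be run as one small script. This is an added example, not part of the original process: the component names and the deployed-mitigation inventory are hypothetical, and the mitigation lists are a partial subset of what each technique's ATT&CK page lists.

```python
# Constructed sample data. The IDs are real ATT&CK IDs, but each mitigation
# set is a partial subset: take the full list from the technique's ATT&CK page.
TECHNIQUE_MITIGATIONS = {
    "T1110": {"M1027", "M1032", "M1036"},  # Brute Force
    "T1190": {"M1016", "M1030", "M1051"},  # Exploit Public-Facing Application
    "T1566": {"M1017", "M1031", "M1049"},  # Phishing
}

# Hypothetical critical DFD components and the TTPs brainstormed against them.
BRAINSTORMED = {
    "web-portal": ["T1190", "T1110"],
    "operator-workstation": ["T1566"],
    "auth-service": ["T1110"],
}

# Hypothetical inventory of mitigations the existing security stack provides.
DEPLOYED = {"M1027", "M1030", "M1049", "M1051"}


def gap_analysis(brainstormed, technique_mitigations, deployed):
    """One row per (component, technique), least-covered pairs first."""
    rows = []
    for component, techniques in brainstormed.items():
        for tid in techniques:
            if tid not in technique_mitigations:
                # A TTP with no recorded mitigations must not pass as covered.
                raise KeyError(f"no mitigation list recorded for {tid}")
            wanted = technique_mitigations[tid]
            missing = sorted(wanted - deployed)
            rows.append({"component": component, "technique": tid,
                         "covered": sorted(wanted & deployed), "missing": missing,
                         "coverage": 1 - len(missing) / len(wanted)})
    rows.sort(key=lambda r: (r["coverage"], r["component"], r["technique"]))
    return rows


def backlog(rows):
    """Rank missing mitigations by how many component/technique pairs they close."""
    counts = {}
    for row in rows:
        for mid in row["missing"]:
            counts[mid] = counts.get(mid, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    rows = gap_analysis(BRAINSTORMED, TECHNIQUE_MITIGATIONS, DEPLOYED)
    for r in rows:
        print(f"{r['component']:22}{r['technique']}  {r['coverage']:.0%}  missing={r['missing']}")
    print("backlog:", backlog(rows))
```

With this sample data the backlog is headed by M1032 (Multi-factor Authentication) and M1036 (Account Use Policies), each missing for two component/technique pairs.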

Question 4: Did we do a good job?

Reevaluate Graphic

Reevaluate

Periodically repeat this process to evaluate your existing mitigations and make sure they are in sync with the development of your system.