Balkan Business Analysis 2020

Example of STRIDE-based threat model

STRIDE was originally created by Praerit Garg and Loren Kohnfelder at Microsoft, as part of a threat modeling process for identifying computer security threats.
In this model, threats are grouped into six categories:

  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure (privacy breach or data leak)
  • Denial of service
  • Elevation of privilege

Today, STRIDE is often used by security experts to help answer the question “what can go wrong in this system we’re working on?”
The presentation introduces the STRIDE model as a good practice for threat modeling during the analysis, design, and implementation of solutions, and covers the participation of the BA in this process.

Learning Objectives

  • Introduce the threat model
  • Why threat modeling is important
  • BA participation in the threat modeling process