Insights: why threat model?

What is threat modelling & why?

  1. Resources are finite and simply acquiring all the security in the world can be a pyrrhic victory, where an organisation has exhausted its capital on cyber security with no value. Threat modelling allows the efficient allocation of resources to effectively defend an organisation.
  2. Defensive teams can be better rehearsed- nested in with resource management is planning and preparing the defence and stakeholders. If the threat is understood, stakeholders can be prepared and operate expeditiously in a high stress environment once a threat is realised.
  3. Structured approaches allow us to build beyond “ransomware.” Most C level executives are concerned about ransomware which is front of mind however, by employing a structured approach to understand the environment, 3rd parties and genuine assets and the breadth of threats, a more expanded observation of genuine issues can take place. By way of example, our own structured approach recently identified that confidence in systems was a higher priority than ransomware events, which had already been adequately addressed.
  4. Discipline breeds confidence. The panic that is generated from the unknown is what sees most organisations setup for failure. By having a disciplined approach, teams and leaders can more confidently address the issues they face.

--

--

--

Mercury Information Security Services are a leading provider of information security services, advice and consulting.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Follow Least Power Principle Luke

$UNAGI Celebration Events Ended

$UNAGI Celebration Events Officially Ended

New $JUP Farm!

Taliware’s Biombeat — At the Heart of Security in a Zero-Trust World

How to Register for Verizon Visible Through the App

{UPDATE} 靈境殺戮 Hack Free Resources Generator

Hack the Box Walkthrough — Forwardslash

{UPDATE} Cribbage Calculator Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Mercury ISS

Mercury ISS

Mercury Information Security Services are a leading provider of information security services, advice and consulting.

More from Medium

Automation Isn’t the Savior You Think It Is

Detection and Response for Linux Reflective Code Loading Malware— This is How

Getting Started with Cyber Risk Management

Security highlights of the week