Technology

Daily Buzz: Why Your Organization Needs a Threat Model

By / Jan 14, 2020 (kentoh/iStock/Getty Images Plus)

Taking a proactive approach to cybersecurity by building a threat model. Also: the hidden benefits of uncertainty.

With cyberattacks becoming more complex and more frequent, organizations must remain vigilant in their cybersecurity efforts. One way to shield your organization from an attack is to implement a threat model, says Maggie Jauregui at The Next Web.

Threat modeling is a process that improves security by identifying vulnerabilities within an organization and implementing safety measures to stop potential threats.

According to Jauregui, a security researcher for Intel, the five steps to build a threat model include taking inventory of all assets you need to protect, determining what you’re protecting each asset from, laying out an adversary model that defines the type of attacker you need to protect against, pinpointing potential threat vectors and attacks, and developing mitigations for each threat.

But once the threat model is created, your work isn’t done. You need to follow a few best practices to ensure its effectiveness. For example, share your threat model document broadly within the organization.

“Without wide circulation among those involved in every stage of product development (architects, developers, validation teams, and security researchers), the document isn’t of much use,” Jauregui says.

Additionally, organizations should treat threat models as “living documents,” Jauregui says. Once it’s created, commit to refining your threat model as the tech landscape evolves and new threats arise.

“Done properly, threat modeling can profoundly improve your organization’s security posture,” Jauregui says.

Embrace the Unknown

Want to spark some inspiration on your team? Welcome uncertainty.

“The problem is not that professionals lack creative impulses but that they are too focused on getting the creative process right,” says Aithan Shapira in the MIT Sloan Management Review. “You ought to have some vision of what you want to do, but a plan that’s too fully formed or too blindly followed leaves little room for innovation.”

To foster a creative culture, managers should encourage conflict, invite unexpected contributions, and have the ability to shift their mindset as the situation changes.

Other Links of Note

CES 2020 observations. Event Manager Blog’s Julius Solaris identifies five tech trends from this year’s show that will affect the events industry.

Constantly busy? The MemberSuite blog offers tips on eliminating time-consuming tasks.

Ready to ditch your New Year’s resolution already? Rajshree Agarwal breaks down how you can stay on track in a recent Forbes article.

Michael Hickey

Michael Hickey is a contributor to Associations Now. More »

Comments

Leave a Comment