Risk Centric Threat Models (Internet of Things) IoT based Medical Devices Risk Centric Threat Models (Internet of Things) IoT based Medical Devices

Home  |  Resources  |  Threat Modeling

Risk Centric Threat Models for Internet of Things (IoT) & Medical Devices

Register for WorkshopCon →

< Back to Blog Home

WorkshopCon InfoSec 2-Day Training Event:
Threat Modeling with VerSprite & TonyUV

This course begins by focusing on the overall importance of threat modeling in product/ application development and then quickly dives into helping students deconstruct product/ application components into use cases, abuse cases, call/data flows, trust boundaries, attack vectors and most importantly countermeasures.

The course is provided over two days and begins with a very quick overview of threat modeling concepts, common inputs to the process, integration activities to secure SDLC workflows and extends into applying the 7 stages of the PASTA methodology to target IoT applications in the healthcare medical field.

What is Threat Modeling?

Risk centric threat modeling is an approach that focuses on correlating threat viability and business impact. Many other threat modeling approaches do not consider impact of threat scenarios beyond subjective analysis.

For healthcare applications the impact goes well beyond patient data privacy and includes impact of loss of life, particularly in the proliferation of IoT based medical devices where wearables have gone to become implantables.

Learn how to leverage threat modeling for any type of IoT application. Register Now →

We’ll explore IoT protocols that support many IoT applications (e.g. – ZigBee, MQTT, CoAP) as well as common web related components that interface with client hardware devices. Beyond the basics of DFDs, attack tree build outs, kill chains, we’ll address how to leverage tools to identify an application’s attack surface (both client side and web), identify work processes, actors (callers) privileges, techniques for threat intel filtering and correlation, and recommendations for identifying weaknesses and attacks that are both present and related to the threat motives of the constructed model.
PASTA Threat Modeling

Risk Centric Threat Modeling:
Process for Attack Simulation & Threat Analysis

VerSprite leverages our PASTA (Process for Attack Simulation & Threat Analysis) methodology to apply a risk-based approach to threat modeling. This methodology integrates business impact, inherent application risk, trust boundaries amongst application components, correlated threats, and attack patterns that exploit identified weaknesses from the threat modeling exercises.

Get the Guide →

We are an international squad of professionals working as one.

logos