Organizational Threat Model
Organizational Threat Models – a service that simulates real world attacks based upon evidence supported threat motives – was created after VerSprite received client requests on how the PASTA application threat modeling approach could help simulate multi-faceted, threat based attacks against target organizations.
Each organizational threat model begins with an examination of threat motives. We examine high impact targets for a target organization and correlate to scenarios such as extortion, IP theft, sabotage, data exfiltration, persistence for malware propagation, and much more. A custom threat library per client is mapped to identified business impact scenarios for a target organization.
Once a model has been established, our team launches attack patterns that support threat objectives from modern day syndicates, corporate mercenaries, opportunistic hackers, insiders, and more. Ensuing attack simulations center around one or several threat scenarios, each focused on realizing high impact situations.
As a risk centric approach, organizational threat models can help depict where a security program for an organization is weakest. For this reason, organizational threat models help to define a very effective roadmap for a security program as it illustrates consequences if identified gaps are not remediated. Deliverables and results from these engagements message better to senior management officials since the context of threats, threat viability, and effectiveness of security mitigators are well reflected by the organizational threat model.