PASTA (Process for Attack Simulation and Threat Analysis) is a risk-based threat modeling methodology that incorporates business impact analysis as an integral part of the process and expands cybersecurity responsibilities beyond the IT department.
The goal of this seven-step process for risk analysis is to align business objectives with technical requirements while taking into account business impact analysis and compliance requirements. The output provides threat management, threat enumeration, and scoring.
The PASTA threat modeling methodology combines an attacker-centric perspective on potential threats with business risk and threat impact analysis. The outputs are asset-centric. The method's risk and business impact analysis also elevates threat modeling from a “software development only” exercise to a strategic business exercise by involving key decision-makers in the process.
This threat modeling methodology is geared towards organizations that wish to align threat modeling with strategic business objectives, and it centers on cyber threat mitigation as a business problem.