Threat modeling and vulnerability assessment are new methodologies that are being adopted in the development of applications and information systems in order to protect information better. This paper explains why Walmart needs these methodologies despite its existing security programs and how the company can benefit from them. It also discusses the steps involved in implementing them.
Information security is one of the most important concerns for organizations like Walmart, because information is an asset that must be preserved and secured. Walmart holds customers' personal information as well as very sensitive information that most employees are not meant to access. Like most businesses, Walmart depends on digital information. Information is therefore its most important asset, and the threats against it oblige the business to take good care of it. This led to the advent of security for the applications that hold and process information. Application security covers not only the application on the computers it runs on but also the cybersecurity of the information, since the information can be accessed from the internet. Hackers are always looking for loopholes in application security through which they can gain unauthorized access to the system, disrupt the application, or damage information stored in the database. In the early days of application and system development, developers focused only on improving functionality and looked at security at the end, an approach that can be disastrous. It lets many vulnerabilities go unnoticed that could crash the whole system and application.
There are three approaches that can be adopted to protect applications and information. The first is to involve all the security experts in the development process so that they can share their knowledge and development can take it into consideration, making the application and information system more secure. The second is for the experts to share their knowledge of typical vulnerabilities so that developers can focus on them during development. The third is to make system-specific knowledge available to the person assigned to look for vulnerabilities in the system.
Threat modeling is a process for assessing the security of an application and fixing the issues found in order to secure it. Along with threat modeling, vulnerability assessment is also implemented to make applications and systems more secure. Threat modeling involves designing security specifications and then testing those specifications (Rouse, Threat Modeling, 2006). Threat modeling is considered to work best when it is adopted at the time of application development; however, it can also be applied to applications that have already been designed. In this paper, we discuss threat modeling and vulnerability assessment for already developed applications. The process helps identify the reasons and methods an attacker could use to find vulnerabilities and threats in systems. Vulnerability assessment, on the other hand, is the process of identifying and classifying security loopholes in an application or information system (Rouse, Vulnerability Analysis, 2006). It further helps in forecasting the effectiveness of the measures that are proposed to ensure security.
Threat modeling helps achieve the following goals for the security of an application or information system. It ensures the security of the application and helps in the investigation of threats and vulnerabilities in the system. It also helps in justifying security for both hardware and software, and in identifying the security system.
Walmart is a leader in the retail market and has a strong customer base. It has a large database of buyers and suppliers that it has to deal with, so it holds sensitive information about customers who share their personal information on its website. The company needs to take care of all the information in its database and keep it out of reach of unauthorized persons. However, as new technologies arrive, hackers make use of them to get into systems and cause damage to the organization. The company also needs to ensure that no one gains access to sensitive information that is meant to be viewed by only a few authorized persons. The question is how Walmart will be able to fight those threats and stop hackers from getting into its systems. This is possible only by planning early and finding the vulnerabilities in its systems that hackers could use to get in. Threat modeling and vulnerability analysis will help Walmart gather information about its systems and find the areas where it needs to focus. If the company is not aware of the loopholes in its own systems, how can it implement better security policies to ensure the safety of its information and systems? With these methodologies, Walmart will be able to identify the threats its systems face and to put a better security plan in place in case some hackers still gain access. The security risk will be reduced to a minimum level with the help of these methodologies.
Threat modeling provides a structured approach that helps secure an application more appropriately. It consists of steps that are meant to be followed in order: identification of assets, creation of an architecture overview, decomposition of the application, identification of threats, documentation of threats, and rating of the threats (Burns, 2005).
The first step in threat modeling is identifying the assets whose security the organization focuses on. The most obvious asset is the information the organization stores, which can be used in further decision making or for other purposes. Assets are the reason threats exist, and hackers are always working to gain access to them. The organization must be well aware of which assets it needs to secure; the assets can be hardware or software. Even if only one asset is compromised, it can be used to interact with other assets and gain access to other important information. The following data should be recorded for each asset during asset identification: a numerical ID, a name, and a description. The numerical ID is important so that the asset can be cross-referenced against vulnerabilities and threats. The asset should also be given a name and a short description explaining why it should be protected.
The second step in threat modeling is the creation of an architecture overview. First, the functionality of the application is documented; then the overview is created; finally, the technologies used to develop the application are identified. Documenting the functionality of the application highlights how it accesses the assets and how the assets can be misused. Next comes the architecture diagram, which must be high level, describing how the application works and showing all of its subsystems. Last comes the identification of the technologies used in the development of the application or information system, so that technology-based threats can be identified. This helps in developing the best mitigation techniques for ensuring the security of the application.
In the decomposition phase of threat modeling, the application is decomposed at different levels, which helps create a security profile based on areas of vulnerability. The following tasks are performed during decomposition: identification of trust boundaries, data flows, entry points, and privileged code, and documentation of the security profile. Trust boundaries surround the tangible assets of the application, as described by the design of the application. In simpler words, the task is to identify whether data flows or inputs are trusted or not, and if the inputs are not authorized, how they can be authorized or authenticated. This means that all required information should be validated for data flowing into or out of the application across a trust boundary. In the same way, data flows should be decomposed iteratively between individuals and subsystems. Data flow diagrams are best in this regard, as they describe the flow of data in the system. Identifying entry points is also important so that they can be secured, because hackers can use those points to gain access to the application and to internal entry points. The fourth component of decomposition is the identification of privileged code, which lets the user perform privileged operations. The last step in decomposition is documenting the security profile, which helps in identifying the input validation, authentication, authorization, and configuration management of the system.
Threat identification is important because it leads to better threat modeling for the security of the application. In this step, the threats are identified so that they can be mitigated more effectively. This is best done in a brainstorming session with the development team, so that all the threats the application could face are identified. The team should involve security professionals, developers, testers, and system administrators. Other approaches can be used as well, such as STRIDE for identifying threats and categorizing the threat list. The threats are further identified in three categories: network threats, host threats, and application threats.
Once the threats to the application are identified, the next step in threat modeling is documenting them. This documentation helps in prioritizing the threats at the end of the report and in deciding which threats are to be dealt with first. The attributes to be recorded for each threat are the threat target, the vulnerabilities exploited, and the risk rating.
The last step in threat modeling is rating the documented threats to the application or information system. The threat with the highest rating is dealt with first, and the remaining threats are then addressed according to their rating.
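The asset, documentation, and rating steps above can be kept in one machine-checkable register. The following Python example is an added illustration, not part of the original paper: the asset and threat entries are constructed sample data, and because the paper does not specify a rating formula, the 1 to 10 probability and damage scales and the probability × damage score are assumptions.

```python
from dataclasses import dataclass

STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}
LAYERS = {"network", "host", "application"}

@dataclass(frozen=True)
class Asset:
    asset_id: int        # numerical ID used to cross-reference threats
    name: str
    description: str     # why the asset should be protected

@dataclass(frozen=True)
class Threat:
    title: str
    stride: str          # STRIDE category
    layer: str           # network, host or application threat
    target: int          # asset_id of the threat target
    vulnerability: str   # vulnerability exploited
    probability: int     # assumed scale: 1 (unlikely) to 10 (near certain)
    damage: int          # assumed scale: 1 (minor) to 10 (severe)
    @property
    def risk(self) -> int:
        return self.probability * self.damage   # assumed rating formula

def rank_threats(assets, threats):
    """Validate the register; return (threats by risk, asset IDs with no threat)."""
    ids = {a.asset_id for a in assets}
    if len(ids) != len(assets):
        raise ValueError("duplicate asset ID")
    for t in threats:
        ok = (t.target in ids and t.stride in STRIDE and t.layer in LAYERS
              and 1 <= t.probability <= 10 and 1 <= t.damage <= 10)
        if not ok:
            raise ValueError(f"invalid threat entry: {t.title}")
    ranked = sorted(threats, key=lambda t: (-t.risk, t.title))
    return ranked, sorted(ids - {t.target for t in threats})

# Constructed sample data, not taken from any real system.
ASSETS = [Asset(1, "Customer database", "Holds customer personal information"),
          Asset(2, "Admin console", "Performs privileged operations"),
          Asset(3, "Supplier records", "Sensitive supplier information")]
THREATS = [
    Threat("Injection through search form", "Tampering", "application", 1,
           "Input not validated at the trust boundary", 6, 9),
    Threat("Password guessing on admin login", "Spoofing", "application", 2,
           "No lockout after failed logins", 5, 8),
    Threat("Traffic flood against web tier", "Denial of service", "network", 1,
           "No rate limiting at the entry point", 7, 4)]
```

Calling `rank_threats(ASSETS, THREATS)` returns the threats in the order they should be dealt with, together with the IDs of assets that have no documented threat yet, which usually indicates a gap in the brainstorming step rather than a safe asset.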
It can be said that vulnerability assessment is a subset of risk assessment, but it is more perspective than risk assessment. In vulnerability assessment, the layouts and elements of the system are examined on the basis of the threats they can pose to the application or information system. The vulnerability assessment process is important because it clarifies what will happen if the system fails: what the consequences of system failures will be, and whether those failures are acceptable or not. The implementation of vulnerability assessment has to attain the following objectives:
- Understand the mission of the organization and the systems supporting that mission.
- Identify the vulnerabilities that can be a threat to those systems.
- Identify the failure nodes.
- Identify the consequences that could result from a failure.
- Recommend approaches to reduce vulnerability.
Vulnerability assessment is achieved by following these steps: Threat Identification, Mission Identification, Supporting System Identification, Critical System Elements Interconnection, System Reconstitution and Determining Vulnerabilities.
The first step in vulnerability assessment is to identify the threats to the systems, based on attacks that have happened to other systems in the past. The threats identified should then be used to find vulnerabilities in the systems. The threats can be to the security of information or attacks by hackers.
The second step in vulnerability assessment is identifying the mission of the company or organization. This is important because the vulnerabilities that could affect the mission statement of the organization should be addressed first, so that the organization is able to meet its mission.
The support systems can be considered the primary functions that enable organizations to complete their missions. However, the support systems are more vulnerable than other systems because they receive less attention in organizations. In vulnerability assessment, the supporting systems are therefore also identified.
Once the supporting systems are identified, the next step in vulnerability assessment is to identify how these systems are interconnected. In this way, the effect of the failure of one system on the others can be easily identified. This produces a fault tree that illustrates the effect of the failure of one system on the other supporting systems, on the main system, and on its mission success.
If there is a problem in the system or one of its supporting systems, the thing to consider is the time required to resolve the issue. The issue or threat can be physical or in software code.
In order to determine the vulnerabilities and their effect on the system, it is important to draw a matrix that relates the threats to the systems. It highlights the effect of a threat on a system or supporting system and the resulting effect on the overall system.
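The interconnection, reconstitution, and matrix steps above can be combined: walk the dependency graph to see which systems fail, then record which missions each threat affects. The following Python example is an added illustration, not part of the original paper: every system, mission, and threat name and every hour value is constructed sample data, and taking the restore time as the longest reconstitution time among the directly affected systems is an assumption.

```python
from collections import deque

# Constructed sample data: each system maps to the systems it depends on.
DEPENDS_ON = {
    "checkout": ["payment-gateway", "inventory-db"],
    "supplier-portal": ["inventory-db", "identity"],
    "payment-gateway": ["network"],
    "inventory-db": ["storage", "network"],
    "identity": ["network"],
}
MISSIONS = {"sell to customers": ["checkout"],
            "restock from suppliers": ["supplier-portal"]}
DIRECT_HITS = {"disk array failure": ["storage"],
               "identity store compromise": ["identity"],
               "network outage": ["network"]}
RECONSTITUTION_HOURS = {"storage": 12, "identity": 6, "network": 2}

def failed_systems(initial):
    """Walk the fault tree upward: a system fails if anything it depends on fails."""
    dependents = {}
    for system, deps in DEPENDS_ON.items():
        for dep in deps:
            dependents.setdefault(dep, []).append(system)
    failed, queue = set(initial), deque(initial)
    while queue:
        for parent in dependents.get(queue.popleft(), []):
            if parent not in failed:      # visited check also stops cycles
                failed.add(parent)
                queue.append(parent)
    return failed

def vulnerability_matrix():
    """Relate each threat to the systems and missions it takes down."""
    matrix = {}
    for threat, hit in DIRECT_HITS.items():
        failed = failed_systems(hit)
        missions = sorted(m for m, needs in MISSIONS.items()
                          if failed.intersection(needs))
        hours = max(RECONSTITUTION_HOURS.get(s, 0) for s in hit)
        matrix[threat] = {"systems": sorted(failed), "missions": missions,
                          "hours": hours}
    return matrix

if __name__ == "__main__":
    for threat, row in vulnerability_matrix().items():
        print(f"{threat}: down={row['systems']} missions={row['missions']} "
              f"restore>={row['hours']}h")
```

In this sample the storage failure reaches both missions through the shared inventory database, which is the kind of indirect effect a flat list of systems does not show.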
Information is the most precious asset for any organization like Walmart, and such organizations spend a lot of money to secure their applications and the information stored in them. However, if the applications and information are still at risk, then there is a need for threat modeling and vulnerability assessment. These methodologies let an organization protect its information in a better and more appropriate way that can mitigate security risks to its information systems and applications.
Burns, S. F. (2005, 1 5). Threat Modeling: A Process To Ensure Application Security. Retrieved from SANS: https://www.sans.org/reading-room/whitepapers/securecode/threat-modeling-process-ensure-application-security-1646
Cigital. (2016). Threat Modeling: Analyze your architecture and design to expose risk before the coding begins. Retrieved from Cigital: https://www.cigital.com/services/architecture-analysis/threat-modeling/
David Poarch, D. H. (2013, 11). 8 Steps to an Effective Vulnerability Assessment. Retrieved from Focus: http://focus.forsythe.com/articles/211/8-Steps-to-an-Effective-Vulnerability-Assessment
Glynn, F. (2016). Vulnerability Assessment and Penetration Testing. Retrieved from VeraCode: http://www.veracode.com/security/vulnerability-assessment-and-penetration-testing
Huber, R. (2003, 4 20). Strategies for Improving Vulnerability Assessment Effectiveness in Large Organizations. Retrieved from SANS: https://www.sans.org/reading-room/whitepapers/auditing/strategies-improving-vulnerability-assessment-effectiveness-large-organizations-1072
Microsoft. (2003, 6). Threat Modeling. Retrieved from Microsoft: https://msdn.microsoft.com/en-us/library/ff648644.aspx
Rouse, M. (2006, 2). Threat Modeling. Retrieved from Tech Target: http://searchsecurity.techtarget.com/definition/threat-modeling
Rouse, M. (2006, 3). Vulnerability Analysis. Retrieved from Tech Target: http://searchmidmarketsecurity.techtarget.com/definition/vulnerability-analysis