As published in the November/December 2019 edition of InfoSecurity Professional Magazine By Naresh Kurada, CISSP Threat modeling is gaining even more attention with today’s dynamic threat environment. The sophistication of threat actors and development of advanced tactics, techniques and procedures (TTPs) has put a brighter spotlight on the process of finding vulnerabilities by incorporating the attacker’s point of view. There are several threat modeling approaches and techniques to consider. Often, these can be classified as asset-centric, system-centric, people-centric or risk-centric. For instance, Microsoft’s STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is system-centric, while PASTA…