Who it's for:
- Cloud security practitioners who analyze threats, assess system preparedness, or design cloud systems and services
- CIOs, CISOs, and senior managers
- Developers and architects
Cloud Threat Modeling
Release Date: 07/29/2021
Working Group: Top Threats
This document from the Top Threats Working Group attempts to bridge the gap between threat modeling and the cloud. To that end, this publication provides crucial guidance to help identify threat modeling security objectives, set the scope of assessments, decompose systems, identify threats, identify design vulnerabilities, develop mitigations and controls, and communicate a call-to-action. Central lessons include the benefits of threat modeling, the unique knowledge and considerations required when threat modeling in the cloud, and how to create a cloud threat model. Example threat modeling cards are provided and can be used by your team for a more gamified approach.
- The baseline threat modeling processes taken from various standards and best practices
- The differences between standard threat modeling and cloud threat modeling
- How to create a cloud threat model from scratch
- A basic cloud threat model reference
- What should be included in a detailed security design report
- Example cloud threat modeling cards
CSA is a community driven organization. We would like to send you updates about our ongoing initiatives and opportunities to participate.
Provide feedback on this form