Risk Management Frameworks

Risk Assessment should be considered separate from Application Threat modeling, although similar but Application Threat Modeling is more of a calculated approach.

Risk Management Activities

Risk Management Activities

Application Threat Modeling

Application Threat modeling should be considered separate from Risk Assessment, although similar but Application Threat Modeling is more of a calculated approach.

Threat modeling allows you to systematically identify and rate the threats that are most likely to affect your system. By identifying and rating threats based on a solid understanding of the architecture and implementation of your application, you can address threats with appropriate countermeasures in a logical order, starting with the threats that present the greatest risk.

Threat modeling has a structured approach that is far more cost efficient and effective than applying security features in a haphazard manner without knowing precisely what threats each feature is supposed to address. With a random, “shotgun” approach to security, how do you know when your application is “secure enough,” and how do you know the areas where your application is still vulnerable? In short, until you know your threats, you cannot secure your system.

Basic terminology:

  • Asset. A resource of value, such as the data in a database or on the file system. A system resource.
  • Threat. A potential occurrence, malicious or otherwise, that might damage or compromise your assets.
  • Vulnerability. A weakness in some aspect or feature of a system that makes a threat possible. Vulnerabilities might exist at the network, host, or application levels.
  • Attack (or exploit). An action taken by someone or something that harms an asset. This could be someone following through on a threat or exploiting a vulnerability.
  • Countermeasure. A safeguard that addresses a threat and mitigates risk.

Consider a simple house analogy: an item of jewelry in a house is an asset and a burglar is an attacker. A door is a feature of the house and an open door represents a vulnerability. The burglar can exploit the open door to gain access to the house and steal the jewelry. In other words, the attacker exploits a vulnerability to gain access to an asset. The appropriate countermeasure in this case is to close and lock the door.


STRIDE Methodology

The STRIDE approach to threat modeling was introduced in 1999 at Microsoft, providing a mnemonic for developers to find ‘threats to our products’ [9] . STRIDE, Patterns and Practices, and Asset/entry point were amongst the threat modeling approaches developed and published by Microsoft. References to “the” Microsoft methodology commonly mean STRIDE.


The Process for Attack Simulation and Threat Analysis (PASTA) is a seven-step, risk-centric methodology.[10] It provides a seven-step process for aligning business objectives and technical requirements, taking into account compliance issues and business analysis. The intent of the method is to provide a dynamic threat identification, enumeration, and scoring process. Once the threat model is completed security subject matter experts develop a detailed analysis of the identified threats. Finally, appropriate security controls can be enumerated. This methodology is intended to provide an attacker-centric view of the application and infrastructure from which defenders can develop an asset-centric mitigation strategy.


The focus of the Trike methodology[11] is using threat models as a risk-management tool. Within this framework, threat models are used to satisfy the security auditing process. Threat models are based on a “requirements model.” The requirements model establishes the stakeholder-defined “acceptable” level of risk assigned to each asset class. Analysis of the requirements model yields a threat model from which threats are enumerated and assigned risk values. The completed threat model is used to construct a risk model based on asset, roles, actions, and calculated risk exposure.


VAST is an acronym for Visual, Agile, and Simple Threat modeling.[12] The underlying principle of this methodology is the necessity of scaling the threat modeling process across the infrastructure and entire SDLC, and integrating it seamlessly into an Agile software development methodology. The methodology seeks to provide actionable outputs for the unique needs of various stakeholders: application architects and developers, cybersecurity personnel, and senior executives. The methodology provides a unique application and infrastructure visualization scheme such that the creation and use of threat models do not require specific security subject matter expertise.


Application Threat Modeling using DREAD and STRIDE is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, classify, rate, compare and prioritize the security risks associated with an application. DREAD methodology is used to rate, compare and prioritize the severity of risk presented by each threat that is classified using STRIDE.


To perform Application Threat Risk Modeling use  OWASP testing framework to identify, STRIDE methodology to Classify and DREAD methodology to rate, compare and prioritize risks, based on severity


  • Spoofing
  • Tampering
  • Repudiation
  • Information Disclosure
  • Denial of Service
  • Elevation of Privilege
Property Threat Definition Example
Authentication Spoofing Impersonating something or someone else. Pretending to be any of billg, microsoft.com or ntdll.dll
Integrity Tampering Modifying data or code Modifying a DLL on disk or DVD, or a packet as it traverses the LAN.
Non-repudiation Repudiation Claiming to have not performed an action. “I didn’t send that email,” “I didn’t modify that file,” “Icertainly didn’t visit that web site, dear!”
Confidentiality Information Disclosure Exposing information to someone not authorized to see it Allowing someone to read the Windows source code; publishing a list of customers to a web site.
Availability Denial of Service Deny or degrade service to users Crashing Windows or a web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole.
Authorization Elevation of Privilege Gain capabilities without proper authorization Allowing a remote internet user to run commands is the classic example, but going from a limited user to admin is also EoP.


  • Reproduciblity
  • Exploitability
  • Affected Users
  • Discoverability

DREAD Risk = (Damage + Reproduciblity + Exploitability + Affected Users + Discoverability) / 5. Calculation always produces a number between 10. Higher the number means more serious the risk is.

Threat Modeling Tools

There are currently five tools available for organizational threat modeling:

  • Microsoft’s free threat modeling tool – the Threat Modeling Tool (formerly SDL Threat Modeling Tool).[15] This tool also utilizes the Microsoft threat modeling methodology, is DFD-based, and identifies threats based on the STRIDE threat classification scheme. It is intended primarily for general use.
  • MyAppSecurity offers the first commercially available threat modeling tool – ThreatModeler[16] It utilizes the VAST methodology, is PFD-based, and identifies threats based on a customizable comprehensive threat library.[17] It is intended for collaborative use across all organizational stakeholders.
  • IriusRisk offers both a community and a commercial version of the tool. This tool focus on the creation and maintenance of a live Threat Model through the entire SDLC. It drives the process by using fully customizable questionnaires and Risk Pattern Libraries, and connects with other several different tools (OWASP ZAP, BDD-Security, Threadfix…) to empower automation.[18]
  • securiCAD is a threat modelling and risk management tool by the Scandinavian company foreseeti. It is intended for company cyber security management, from CISO, to security engineer, to technician. securiCAD conducts automated attack simulations to current and future IT architectures, identifies and quantifies risks holistically including structural vulnerabilities, and provides decision support based on the findings. securiCAD is offered in both commercial and community editions. [19]
  • SD Elements by Security Compass is a software security requirements management platform that includes automated threat modeling capabilities. A set of threats is generated by completing a short questionnaire about the technical details and compliance drivers of the application. Countermeasures are included in the form of actionable tasks for developers that can be tracked and managed throughout the entire SDLC.[20]

Further Methodologies

Related Work

More good reading

General Approach

To check what setting your system is using, use ‘sysctl name’ (e.g.: ‘sysctl net.ipv4.tcp_rmem’). To change a setting use ‘sysctl -w’. To make the setting permanent add the setting to the file ‘sysctl.conf’.

More Reading:



Using package-cleanup command which is a part of yum-utils package we can uninstall any number of old kernels automatically. As an example using --oldkernels --count=2 option with package-cleanup command the command will remove all unused kernel while keeping last three most recent kernel versions installed.


list installed kernels

remove kernels no longer needed; listed above


By default CentOS will keep last 5 kernels installed on your system. This behavior is defined by installonly_limit=5 line within /etc/yum.conf file. Update the /etc/yum.conf configuration file appropriately to keep desired number of old kernels on your system after update. The minimum value to be set is 2.

Example of /etc/yum.conf configuration file to keep only last two kernel versions:

read more: linuxconfig.org

ZFS – Downgrade Commands for Centos:

To do the downgrade/re-install dance:

ZFS tuning for SAS3 Storage Tank

ZFS tuning for SAS3 ALL SSD + nVME Storage Tank

Some more good advice:



ZFS – SNMP Extend Commands:



A Comparison of Features in Bonding and Team

Feature Bonding Team
broadcast Tx policy Yes Yes
round-robin Tx policy Yes Yes
active-backup Tx policy Yes Yes
LACP (802.3ad) support Yes (active only) Yes
Hash-based Tx policy Yes Yes
User can set hash function No Yes
Tx load-balancing support (TLB) Yes Yes
LACP hash port select Yes Yes
load-balancing for LACP support No Yes
Ethtool link monitoring Yes Yes
ARP link monitoring Yes Yes
NS/NA (IPv6) link monitoring No Yes
ports up/down delays Yes Yes
port priorities and stickiness (“primary” option enhancement) No Yes
separate per-port link monitoring setup No Yes
multiple link monitoring setup Limited Yes
lockless Tx/Rx path No (rwlock) Yes (RCU)
VLAN support Yes Yes
user-space runtime control Limited Full
Logic in user-space No Yes
Extensibility Hard Easy
Modular design No Yes
Performance overhead Low Very Low
D-Bus interface No Yes
multiple device stacking Yes Yes
zero config using LLDP No (in planning)
NetworkManager support Yes Yes

Read More: RHEL

Config Snippets:

  • CentOS 7
  • No NetworkManager

NEXUS vPC Switch A:

NEXUS vPC Switch B:

CentOS 7 Server – Config: nas-a:

CentOS 7 Server – Config: nas-a:

CentOS 7 Server – Show Commands: