A Brutalist Threat Model Approach
A brutalist threat model is straightforward, focused on impact, and avoids unnecessary complexity. It's about quickly identifying the most damaging problems for the most critical assets. This provides a rapid understanding of the most significant risks to the most critical business functions, allowing for quick prioritization of security efforts. More detailed threat modeling can follow later, focusing on the areas identified as most critical here.
What
High-criticality assets identified in the "Business Continuity Backbone" chart from Phase 1.
Approach:
- Directness: Focus on the most likely and impactful threats.
- Functionality: The goal is to identify key risks and initial mitigation ideas quickly.
- Visibility: Makes potential crises and their consequences clear to understand.
- Pragmatism: Prioritizes actionable and simpler insights over exhaustive analysis.
Output - A simple list or table for each critical asset, outlining:
- Obvious threat: A straightforward, high-level attack or failure scenario (e.g., "Ransomware on Finance Server," "Loss of Customer Database Access," "Compromise of Authentication System").
- Brutal impact: The direct, most severe consequence to the business (e.g., "Inability to process payments," "Loss of all customer order history," "Complete system lockout").
- Simple mitigation (initial thought): A basic, immediate control that could reduce the likelihood or impact (e.g., "Regular backups," "Strong passwords," "Network segmentation").
How
- Target the core: Take the "Business Continuity Backbone" chart. Focus only on the High-criticality nodes.
- Brainstorm “obvious” badness: For each High-criticality asset, ask: "What's the simplest, most direct way something going wrong with this asset could really hurt us?" Think in terms of common attacks and failures. Keep it high-level; there is no need for detailed attack paths yet.
- State the pain: For each "Obvious Badness", clearly and concisely describe the worst-case business impact. Use plain language. Think CEO, CFO, COO.
- Think basic fix or control: For each threat, jot down one or two very basic security measures that could give some immediate protection or reduce the damage. Don't overthink this stage. Minimize blast radius.
- Document simply and brutally: Record the asset, threat, impact, and basic mitigation in a straightforward list or table. No complex diagrams or lengthy reports.
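The five steps above amount to a small, repeatable procedure: filter the backbone chart to its High-criticality nodes, attach one or more "obvious badness" rows to each, and write the result out as a plain table. The script below is an added example of that procedure, not code from the original article; the asset names, threats, impacts and mitigations in it are constructed sample data. It also performs the one check a reviewer will ask for first, namely whether any High-criticality asset ended up with no row at all, and it drops any rows that drifted in for Medium or Low assets.

```python
"""Added example (not from the original article): turn a 'Business Continuity
Backbone' asset list into a brutalist threat model table.

Steps implemented: target the core (High-criticality only), one or more
threat rows per asset, a coverage check for assets with no row, and a plain
pipe-table rendering. All names and strings below are constructed samples.
"""

from dataclasses import dataclass
from typing import List


@dataclass
class Asset:
    name: str
    criticality: str  # "High", "Medium" or "Low", as rated on the backbone chart


@dataclass
class Threat:
    asset: str
    obvious_badness: str
    brutal_impact: str
    initial_mitigation: str


# Constructed sample backbone chart (the Phase 1 output the article refers to).
BACKBONE: List[Asset] = [
    Asset("Finance server", "High"),
    Asset("Customer database", "High"),
    Asset("Authentication system", "High"),
    Asset("Intranet wiki", "Low"),
]

# Constructed sample brainstorm results. Note that the authentication system
# has no row yet and that a Low-criticality asset has sneaked in.
THREATS: List[Threat] = [
    Threat("Finance server", "Ransomware on finance server",
           "Inability to process payments for weeks",
           "Regular, offsite backups"),
    Threat("Customer database", "Loss of customer database",
           "Loss of all customer order and payment history",
           "Automated database backups"),
    Threat("Intranet wiki", "Wiki defaced",
           "Some embarrassment", "Restore from backup"),
]


def high_criticality(assets: List[Asset]) -> List[Asset]:
    """Target the core: keep only the High-criticality nodes."""
    return [a for a in assets if a.criticality == "High"]


def uncovered_assets(assets: List[Asset], threats: List[Threat]) -> List[str]:
    """High-criticality assets with no threat row at all: the gaps to fill."""
    covered = {t.asset for t in threats}
    return [a.name for a in high_criticality(assets) if a.name not in covered]


def select_rows(assets: List[Asset], threats: List[Threat]) -> List[Threat]:
    """Drop rows for assets that are not High-criticality."""
    high = {a.name for a in high_criticality(assets)}
    return [t for t in threats if t.asset in high]


def render_table(rows: List[Threat]) -> str:
    """Render the brutalist table: asset, threat, impact, mitigation."""
    header = "| Asset | Obvious Badness | Brutal Impact | Initial Mitigation |"
    separator = "|---|---|---|---|"
    body = [
        f"| {t.asset} | {t.obvious_badness} | {t.brutal_impact} | {t.initial_mitigation} |"
        for t in rows
    ]
    return "\n".join([header, separator, *body])


if __name__ == "__main__":
    gaps = uncovered_assets(BACKBONE, THREATS)
    if gaps:
        print("No threat row yet for:", ", ".join(gaps))
    print(render_table(select_rows(BACKBONE, THREATS)))
```

Run as-is, it flags the authentication system as uncovered and prints a two-row table without the wiki entry. The point of keeping the check in code rather than in someone's head is that the "brutal" shortlist is only useful if every High-criticality asset appears on it.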
A Brutalist Threat Model Template
| Obvious Badness | Brutal Impact | Initial Mitigation |
|---|---|---|
| Ransomware on finance server | Inability to process payments for weeks | Implement regular, offsite backups |
| Loss of customer database | Loss of all customer order and payment history | Automated database backups |