TMIS Vocabulary

Question 1

Attack Surface

Answer 1

The sum of all possible points where an unauthorized user could try to enter or extract data from a system.

Question 2

Data Flow (DFD)

Answer 2

Symbolizes the path and direction of data movement between entities, processes, and data stores.

Question 3

Data Flow Diagram (DFD)

Answer 3

A graphical representation of the data flow through an information system, used to understand the application’s mechanics and identify potential attack surfaces.

Question 4

Data Store (DFD)

Answer 4

Represents locations where data is stored within the application.

Question 5

Doomsday Scenarios

Answer 5

Hypothetical worst-case situations used to proactively anticipate and prevent potential catastrophic events for an application and business.

Question 6

Ecosystem (of applications)

Answer 6

A network of interconnected applications and services that work together to support an organization’s functions.

Question 7

External Entity (DFD)

Answer 7

Represents any entity outside the application that sends or receives data, interacting with the system.

Question 8

Mitigation

Answer 8

The process of selecting and implementing security controls to defend against identified threats and reduce risks.

Question 9

NotebookLM can be inaccurate; please double-check its responses.

Question 10

Process (DFD)

Answer 10

Represents a task within the application that handles data, potentially modifying or acting upon it.

Question 11

Secure Development Lifecycle (SDLC)

Answer 11

A framework for integrating security activities into the software development process. Threat modeling is an essential step within this lifecycle.

Question 12

STRIDE

Answer 12

An acronym used for identifying threats: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Question 13

Threat Actors

Answer 13

Individuals or groups who pose a threat to an application, categorized by their relationship and trust level with the organization (e.g., Insider trusted, External untrusted).

Question 14

Threat Modeling

Answer 14

A structured activity for identifying and managing application threats, also known as Architectural Risk Analysis.

Question 15

Trust Boundary (DFD)

Answer 15

An extension of classical DFDs for threat modeling, representing a change of trust levels as data flows through the application and indicating potential attack surfaces.

Question 16

Validation

Answer 16

The final step in threat modeling where the effectiveness of mitigations is reviewed, and residual risks are assessed and managed.

Question 17

Vulnerabilities

Answer 17

Weaknesses or flaws in an application that can be exploited by threats.