Solved

Does anyone use the term "threat drift"?

  • 11 August 2022

Userlevel 1

Trying to assess if this is a common term in the industry.

Best answer by John Steven 15 August 2022, 16:57

2 replies

Userlevel 1

As stated, it is true that the term “Drift” is more commonly used by itself to reference changes in Architecture that are discovered post-production. From a security perspective, these anomalies likely result in the discovery of additional threats if the infrastructure changes did not run through a well-defined process designed to ensure system hardening.

Userlevel 4

Organizations track ‘evolving threats’. And yes, as infrastructure (naturally) drifts from approved ‘reference architecture’ or ‘security blueprint’, those same organizations evaluate:

  1. Additional attack surfaces given access to the system as modeled; 
  2. Any disablement or change in a security control; or
  3. Discovery of vulnerable and exploitable components.

Evolving threats aren’t always tied to technology drift though. Sometimes threats evolve because of changes to intrinsic risk properties such as:

  1. Where new channels/partners/services/users open opportunities for new adversaries;
  2. Adversaries discovering or acquiring additional capabilities; or
  3. Changes to the economics of assets (and the theft, destruction, or other malicious use).

Like with infrastructural drift, evolving threats should trigger a ‘triage’ of the impact and potential refactoring of affected models. 

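An added illustration, not part of the thread and not code from any poster: the three drift evaluations listed in the best answer, run as a comparison of an approved blueprint against observed state, with any finding triggering a triage of the affected threat model. The data layout, the function names and the `KNOWN_VULNERABLE` feed are assumptions, and all sample values are constructed.

```python
# Constructed sample data: an approved blueprint and the state observed in production.
BLUEPRINT = {
    "entry_points": {"443/tcp"},
    "controls": {"waf": "blocking", "disk_encryption": "enabled", "mfa": "enabled"},
    "components": {"nginx": "1.24.0", "openssl": "3.0.13"},
}
OBSERVED = {
    "entry_points": {"443/tcp", "8080/tcp"},
    "controls": {"waf": "monitor-only", "disk_encryption": "enabled"},
    "components": {"nginx": "1.24.0", "openssl": "3.0.13", "libexample": "0.9.1"},
}
# Constructed stand-in for a vulnerability feed: (component, version) pairs
# assumed to be known exploitable.
KNOWN_VULNERABLE = {("libexample", "0.9.1")}


def classify_drift(blueprint, observed, known_vulnerable):
    """Return drift findings as sorted (category, detail) tuples."""
    findings = []
    # 1. Additional attack surface: entry points the model does not contain.
    for ep in observed["entry_points"] - blueprint["entry_points"]:
        findings.append(("attack_surface", f"unmodeled entry point {ep}"))
    # 2. Disablement or change of a security control.
    for name, approved in blueprint["controls"].items():
        actual = observed["controls"].get(name)
        if actual is None:
            findings.append(("control_change", f"{name} missing (approved: {approved})"))
        elif actual != approved:
            findings.append(("control_change", f"{name} is {actual} (approved: {approved})"))
    # 3. Vulnerable and exploitable components, approved or not.
    for name, version in observed["components"].items():
        if (name, version) in known_vulnerable:
            findings.append(("vulnerable_component", f"{name} {version}"))
    return sorted(findings)


def needs_triage(findings):
    """Any drift finding means the affected threat model should be re-triaged."""
    return len(findings) > 0


if __name__ == "__main__":
    for category, detail in classify_drift(BLUEPRINT, OBSERVED, KNOWN_VULNERABLE):
        print(f"{category}: {detail}")
```

The second list in the answer (new adversaries, new capabilities, changed asset economics) does not show up in a configuration diff, so this check covers infrastructural drift only.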