1.3 Describe security terms
📘Cisco Certified CyberOps Associate (200-201 CBROPS)
What is Threat Modeling?
Threat modeling is a structured process used to:
- Identify possible security threats
- Understand how an attacker could attack a system
- Decide which security controls are needed
- Reduce risk before an attack happens
It is mainly done before or during system design, but it can also be updated when systems change.
In short:
👉 Threat modeling answers the question: “What can go wrong, how, and how do we stop it?”
Why Threat Modeling Is Important
Threat modeling helps organizations to:
- Find security weaknesses early
- Reduce attack surface
- Protect sensitive data
- Save time and cost compared to fixing security issues later
- Build more secure applications and networks
For the CyberOps exam, remember:
Threat modeling is proactive, not reactive.
When Threat Modeling Is Performed
Threat modeling is usually done:
- During application design
- During network architecture planning
- When adding new features
- When deploying cloud services
- After major system changes
Key Components of Threat Modeling
Threat modeling typically includes the following steps:
1. Identify Assets
Assets are things that need protection, such as:
- User credentials
- Databases
- APIs
- Source code
- Servers
- Network devices
- Cloud resources
2. Identify Entry Points
Entry points are ways attackers can interact with the system, such as:
- Web applications
- APIs
- Login portals
- Network ports
- VPN connections
- Remote access services
3. Identify Threats
Threats are possible attacks against the system.
A common threat classification model used in exams is:
STRIDE Model
| Letter | Threat Type | Meaning |
|---|---|---|
| S | Spoofing | Pretending to be a legitimate user |
| T | Tampering | Modifying data or files |
| R | Repudiation | Denying an action |
| I | Information Disclosure | Data leakage |
| D | Denial of Service | Making a system unavailable |
| E | Elevation of Privilege | Gaining higher access |
You do not need to deeply memorize STRIDE, but you must recognize it for the exam.
4. Analyze Risk
Risk is based on:
- Likelihood (How easy is the attack?)
- Impact (What happens if it succeeds?)
5. Apply Mitigations
Mitigations are security controls such as:
- Authentication and authorization
- Encryption
- Firewalls
- Input validation
- Logging and monitoring
- Least privilege access
Threat Modeling in a CyberOps Role
From a CyberOps perspective, threat modeling helps analysts:
- Understand attack paths
- Improve detection rules
- Identify high-risk assets
- Prioritize alerts
- Improve incident response planning
Exam Key Points for Threat Modeling
✔ Proactive security approach
✔ Identifies threats before attacks occur
✔ Often used during design and development
✔ STRIDE is a common threat classification model
✔ Helps reduce risk and attack surface
2. DevSecOps
What Is DevSecOps?
DevSecOps stands for:
Development + Security + Operations
DevSecOps is a practice where security is built into every stage of the software development lifecycle (SDLC) instead of being added at the end.
Traditional approach:
- Develop → Deploy → Secure
DevSecOps approach:
- Secure → Develop → Deploy → Operate
Core Idea of DevSecOps
👉 Security is everyone’s responsibility, not just the security team.
Why DevSecOps Is Important
DevSecOps helps organizations to:
- Detect vulnerabilities early
- Reduce security incidents
- Automate security checks
- Deliver secure software faster
- Reduce cost of fixing security issues
DevSecOps and Automation
Automation is a key concept in DevSecOps.
Security is integrated using automated tools such as:
- Static code analysis
- Dependency scanning
- Configuration checks
- Container image scanning
- Continuous monitoring
DevSecOps in the Software Development Lifecycle
Security is integrated into:
1. Planning Stage
- Threat modeling
- Security requirements
- Compliance checks
2. Development Stage
- Secure coding practices
- Static Application Security Testing (SAST)
- Code reviews
3. Build and Test Stage
- Dynamic Application Security Testing (DAST)
- Dependency vulnerability scanning
- Automated testing
4. Deployment Stage
- Secure configurations
- Infrastructure as Code (IaC) security checks
- Secrets management
5. Operations Stage
- Continuous monitoring
- Logging
- Incident detection
- Patch management
DevSecOps and CI/CD Pipelines
In DevSecOps, security tools are integrated into:
- CI (Continuous Integration) pipelines
- CD (Continuous Deployment/Delivery) pipelines
This ensures:
- Vulnerable code is blocked automatically
- Security issues are detected early
- Faster and safer releases
DevSecOps and CyberOps Teams
CyberOps teams work with DevSecOps by:
- Monitoring security alerts
- Responding to incidents
- Providing feedback to developers
- Improving detection rules
- Supporting continuous security improvement
Difference Between DevOps and DevSecOps
| DevOps | DevSecOps |
|---|---|
| Focus on speed | Focus on speed + security |
| Security at the end | Security throughout |
| Manual security | Automated security |
| Reactive security | Proactive security |
Exam Key Points for DevSecOps
✔ Security integrated into SDLC
✔ Automation is critical
✔ Security is shared responsibility
✔ Works with CI/CD pipelines
✔ Helps detect vulnerabilities early
Threat Modeling vs DevSecOps (Exam Comparison)
| Threat Modeling | DevSecOps |
|---|---|
| Identifies threats | Integrates security |
| Design-focused | Lifecycle-focused |
| Proactive risk analysis | Continuous security |
| Often done early | Done continuously |
Final Exam Summary (Must Remember)
- Threat modeling identifies and analyzes possible threats before attacks happen
- DevSecOps integrates security into development and operations
- Both focus on proactive security
- Both reduce risk and improve detection
- Automation is critical in DevSecOps
- Threat modeling supports DevSecOps planning
