What is PTA ?

Software technology and tools for performing Practical Threat Analysis

PTA (Practical Threat Analysis) is a software technology and a suite of tools that enable users to find the most beneficial and cost-effective way to secure computerized systems and applications according to their specific functionality and environment.

How does it work?

The threat analysis process begins by describing the specific threats and vulnerabilities of the system. The threats are then associated with assets that might be damaged. The process continues by finding the exact countermeasures that will fit different threats. The risk level, potential damage and countermeasures required are all presented in real $ values. PTA automatically calculates the level of risk and the maximum available mitigation and advises on the most cost effective way to mitigate threats and reduce overall system risk.

Who should use PTA?

PTA was designed to assist the work of security consultants, software security engineers and information security officers.

When should Practical Threat Analysis be done?

The best time to use PTA is during system design phase. Potential losses and security countermeasures may be defined at the start and prevent future problems. For systems already in operation, PTA can identify areas of corrective actions. Since threats, vulnerabilities and countermeasures vary throughout a system’s life cycle, threat analysis should be a continuous task.

What are the common problems arising during system threat analysis?

1. Analyzing only a particular ‘environment’, for example networking, makes it difficult to thoroughly explore threats. This is especially true in complex applications with many interfaces.
2. Analyzing a system only once during it's life cycle.
3. There is no quantitative valuation of the severity of threats in real $ value.
4. The outcome of the analysis does not include clear recommendations on the most efficient and cost-effective countermeasures required.
5. Threat analysis models are not dynamic; changes in any parameter of the model will not be immediately reflected in the countermeasures recommended.

Quickly build threat models, analyze risks and manage risk mitigation policies

Using PTA, analysts can quickly build threat models, analyze risks and manage risk mitigation policies relevant to the application's domain. Inputs may be obtained from a variety of external sources e.g. vulnerability scanners, real-time network analyzers, security event repositories and security standards databases. The information can be entered manually as well as automatically.

PTA will save you time and money. In addition to recommending the most cost effective countermeasures, PTA presents the current level of security of the monitored system. Once used, PTA enables dynamic changes in each of the defined threats, vulnerabilities, assets and countermeasures parameters. This allows an effective and continuous security management, throughout the application's life cycle without duplicating efforts and at minimal cost.

Threat Analysis Methodology in-depth - Calculative Threat Analysis Software Tools
Home Page