Threat Modelling for Business Analysts: Security Considerations Within Business Processes

Feb 23, 2025

Introduction

Cyber security threats have escalated as more organizations harness digital advancements. Cybercriminals continuously exploit weaknesses in business operations and processes, so security and the safeguarding of sensitive data are vital to every system design. Business analysts (BAs) are critical in ensuring that security issues are built into business processes as early as possible. Threat modelling is one of the best methods for eliminating security risks and for reducing the risks that arise during systems operations in a company.

By and large, threat modelling is an effective methodology that analysts can apply to address security risks within business processes. With this technique, BAs can work more effectively with security and development teams to ensure that processes are secure, compliant and well designed. Threat modelling is the process of identifying an adversary of a particular system in order to protect it from potential risks. It is sometimes referred to as a threat template: it highlights the areas of concern in an undertaking, and those areas are then subjected to intense scrutiny in order to stave off threats or catch them.

To help guard against security threats, this article gives business analysts an overview of the vulnerability detection approach, as well as the methodology and its application on a corporate scale. The goal is to envision how an active threat could strike a business venture, evaluate the consequences, and formulate strategies to mitigate expenses and threats.

Why Business Analysts Need to Practice Threat Modelling

Business analysts are expected to gather and analyse business needs, draft workflows, and streamline business processes. Inattention to security during the design phase can spell disaster after deployment. Possible outcomes include data loss leading to monetary and reputational damage, regulatory violations carrying financial and legal penalties, and cyber outages that impair business operations. By incorporating threat modelling into their analysis, business analysts can ensure that business processes handling sensitive data are designed in line with legal and compliance frameworks such as GDPR, CCPA, and PCI-DSS, and can align security and business goals to reduce the chance of costly security spending after implementation.

Threat Modelling Techniques Business Analysts Should Know

As with many other disciplines, there are several established techniques that business analysts can adopt when carrying out threat modelling. Below are some of the more popular ones.

  • STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege) is a framework developed by Microsoft that analysts use to sort security threats into six fundamental categories. It enables business analysts to methodically analyse workflows and detect potential vulnerabilities at each level of a business process. Spoofing is the unauthorized impersonation of users or systems; Tampering is the unauthorized manipulation of data or processes; Repudiation is a lack of accountability for malicious actions; Information Disclosure is unauthorized access to sensitive data; Denial of Service (DoS) is the disruption of service availability; and Elevation of Privilege is the unauthorized escalation of user privileges.
  • PASTA (Process of Attack Simulation and Threat Analysis) is a risk-centric threat modelling methodology that integrates security and commercial objectives. It is composed of seven hierarchical stages. The first is to define business objectives by identifying significant business assets. The second is to define the technical scope by identifying technology dependencies and limits. Next comes application decomposition, which involves breaking down business processes and identifying data flows. Threat analysis, which identifies prospective dangers based on attack patterns, is then conducted. It is followed by vulnerability analysis to identify flaws in the organisation's processes, attack modelling to simulate hypothetical attack situations, and risk analysis and mitigation, which involves prioritising threats and defining security procedures. PASTA is especially useful for business analysts working in high-risk areas like finance, healthcare, and e-commerce, where security is critical.
  • Attack Trees are hierarchical diagrams that represent how an attacker could abuse a system or process. Each node in the tree represents a phase in an attack, allowing business analysts to see how various weaknesses intersect.
    Below is an example of an attack tree for an attacker seeking unauthorised access to financial records.

    Goal: Gain unauthorized access to financial accounts.
      • Method 1: Phishing attack.
          • Sub-method: Send fraudulent emails to users.
      • Method 2: Credential stuffing.
          • Sub-method: Use leaked credentials from previous breaches.

    By leveraging attack trees, BAs can easily identify vulnerabilities and attack vectors in authentication workflows, data access, and fraud detection mechanisms.

  • DREAD (Damage, Reproducibility, Exploitability, Affected Users, Discoverability) is a quantitative risk assessment model in which threats are scored against five criteria: Damage Potential assesses how severe the impact is; Reproducibility evaluates how easily the attack can be repeated; Exploitability measures how easy it is to exploit the vulnerability; Affected Users calculates how many users would be impacted; and Discoverability addresses how easy it is to find the vulnerability. This scoring helps business analysts prioritise threats based on risk levels and implement mitigation strategies accordingly.
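The attack tree shown in the list above can be checked against planned controls. The following is an added example, not code from the article: the tree labels are the article's, while the OR gates, the generic AND support, and the control-to-step mapping in `BLOCKS` are assumptions made for illustration.

```python
from itertools import combinations

# Node = (gate, label, children); a node without children is a leaf attack step.
# Labels come from the article's tree; the gates are an assumption.
TREE = ("OR", "Gain unauthorized access to financial accounts", [
    ("OR", "Phishing attack", [
        ("OR", "Send fraudulent emails to users", [])]),
    ("OR", "Credential stuffing", [
        ("OR", "Use leaked credentials from previous breaches", [])]),
])

# Hypothetical mapping: control -> leaf steps it is assumed to block.
BLOCKS = {
    "MFA": {"Use leaked credentials from previous breaches"},
    "Email filtering": {"Send fraudulent emails to users"},
}

def reachable(node, controls):
    """True if the node's goal is still achievable with `controls` deployed."""
    gate, label, children = node
    if not children:  # leaf: open unless a deployed control blocks it
        return not any(label in BLOCKS.get(c, ()) for c in controls)
    results = [reachable(child, controls) for child in children]
    return all(results) if gate == "AND" else any(results)

def open_leaves(node, controls):
    """Leaf steps left unblocked by `controls`, in tree order."""
    _, label, children = node
    if not children:
        return [label] if reachable(node, controls) else []
    return [leaf for child in children for leaf in open_leaves(child, controls)]

def minimal_control_sets(tree, available):
    """Smallest combinations of controls that make the root goal unreachable."""
    for size in range(len(available) + 1):
        hits = [set(combo) for combo in combinations(sorted(available), size)
                if not reachable(tree, combo)]
        if hits:
            return hits
    return []

if __name__ == "__main__":
    print("Goal reachable with MFA only:", reachable(TREE, ["MFA"]))
    print("Still open:", open_leaves(TREE, ["MFA"]))
    print("Minimal covering sets:", minimal_control_sets(TREE, BLOCKS))
```

Because the goal node is an OR over its methods, a single control leaves the goal reachable; every branch needs its own mitigation before the root closes.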

Steps for Business Analysts to Conduct Threat Modelling

Step 1: Define Business Process Scope

  • Identify the business process under analysis.
  • Determine critical assets, stakeholders, and data flow.
  • Assess compliance requirements (e.g., ISO 27001, NIST, GDPR).

Step 2: Create Data Flow Diagrams (DFDs)

  • Map how data moves between users, systems, and external entities.
  • Identify trust boundaries where data transitions between security zones.
  • Highlight attack vectors at each transition point.

Step 3: Identify Threats Using a Framework

  • Analyse each process step for security risks.
  • Classify threats based on STRIDE, PASTA, or DREAD.
  • Document potential attack scenarios.

Step 4: Assess Risk and Impact

  • Evaluate likelihood and severity of each threat.
  • Consider business impact, including financial, reputational, and regulatory consequences.

  • Use models like PASTA or DREAD to prioritize high-risk threats.

Step 5: Implement Security Controls

Apply security best practices and collaborate with IT security teams to validate controls. Some identified security best practices are as follows:

  • Encryption for sensitive data storage and transmission.
  • Multi-factor authentication (MFA) for user authentication.
  • Role-based access control (RBAC) to restrict access.
  • API security to prevent unauthorized access.

Step 6: Monitor and Continuously Improve

  • Regularly review and update threat models as business processes evolve.
  • Conduct periodic security assessments and penetration testing.
  • Adapt security measures based on new threat intelligence.
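Steps 2 to 4 above can be worked through in code. This is an added example, not part of the original article: the data flow diagram, zone names and DREAD ratings are constructed, the STRIDE-per-element chart is a convention brought in for illustration, and the 1 to 10 rating scale is an assumption.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: which categories to review for each DFD element kind
# (an assumption brought in for this example, not taken from the article).
STRIDE_BY_KIND = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "external", "process" or "store"
    zone: str  # trust zone the element sits in

# Constructed DFD for a funds-transfer process; all names are hypothetical.
ELEMENTS = {e.name: e for e in [
    Element("Customer", "external", "internet"),
    Element("Banking web app", "process", "dmz"),
    Element("Transfer service", "process", "core"),
    Element("Accounts DB", "store", "core"),
]}
FLOWS = [("Customer", "Banking web app"),
         ("Banking web app", "Transfer service"),
         ("Transfer service", "Accounts DB")]

def boundary_crossings(flows=FLOWS, elements=ELEMENTS):
    """Step 2: flows whose endpoints sit in different trust zones."""
    return [(s, d) for s, d in flows if elements[s].zone != elements[d].zone]

def candidate_threats(flows=FLOWS, elements=ELEMENTS):
    """Step 3: (target, STRIDE letter) pairs to review, elements then crossing flows."""
    pairs = [(e.name, c) for e in elements.values() for c in STRIDE_BY_KIND[e.kind]]
    pairs += [(f"{s} -> {d}", c) for s, d in boundary_crossings(flows, elements)
              for c in STRIDE_BY_KIND["flow"]]
    return pairs

# Constructed DREAD ratings, 1-10 each, in the order D, R, E, A, D.
SCORES = {"Spoofing: account takeover": (8, 6, 5, 6, 5),
          "Tampering: altered transfer": (9, 4, 3, 5, 3),
          "Denial of service: server overload": (5, 8, 7, 9, 6)}

def dread_rank(scores=SCORES):
    """Step 4: threats sorted by mean DREAD rating, highest risk first."""
    for name, ratings in scores.items():
        if len(ratings) != 5 or not all(1 <= r <= 10 for r in ratings):
            raise ValueError(f"{name}: expected five ratings between 1 and 10")
    return sorted(((sum(r) / 5, n) for n, r in scores.items()), reverse=True)

if __name__ == "__main__":
    print(boundary_crossings())
    print(len(candidate_threats()), "candidate threats to review")
    for score, name in dread_rank():
        print(f"{score:.1f}  {name}")
```

The output is a review checklist, not a list of confirmed threats: each pair is a question for the BA and the security team to answer for that element or flow.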

Case Study: Threat Modelling in an Online Banking Process

A business analyst is designing a new online banking process where customers can transfer funds between accounts. The BA uses STRIDE to identify threats:

  • Spoofing: Attackers impersonate legitimate users (Mitigation: MFA and device fingerprinting).
  • Tampering: Unauthorized modification of transaction details (Mitigation: Digital signatures and transaction verification).
  • Repudiation: Customers dispute transactions (Mitigation: Secure logging and audit trails).
  • Information Disclosure: Data leakage via insecure API calls (Mitigation: End-to-end encryption).
  • Denial of Service: Overloading banking servers (Mitigation: Rate limiting and DDoS protection).
  • Elevation of Privilege: Unauthorized admin access (Mitigation: Role-based access controls).

By applying threat modelling, the BA ensures that security risks are adequately evaluated and mitigated before the implementation of the online banking application.

Conclusion

Pre-emptive threat modelling, like other information system security solutions, continuously enables and enhances various operations and activities, such as allowing business analysts to implement security at all levels of the organisation. Business analysts can identify and mitigate possible vulnerabilities using techniques such as STRIDE, PASTA, DREAD, and attack trees. These techniques assist in mitigating risks before they become a serious threat.


Author: Victoria Ogunsanya

Victoria is a skilled Cyber Security Professional with expertise in Information Security Audit, Governance, Risk and Compliance (GRC), Incident Response and IT Service Delivery Management. She has over a decade of experience in IT operations and is passionate about helping organisations drive security policies and strategies that align with their business objectives and protect their digital assets.

Copyright 2006-2025 by Modern Analyst Media LLC