SaFi Bank Space : Security Assessment

Overview

The assessment process starts with screening: knowing why it is needed, determining what is needed, where it should be processed, who will use it, and how it will be used and performed. The goal of the assessment is to understand the need, cross-check it with regulatory requirements and internal baselines, then identify the appropriate security requirements or the gaps found during screening.

Feature or Change Screening

The core requirement of the process is understanding the need. To organize the screening, it is segmented into sub-processes.

  1. Understand why it is needed. The goal is to understand the business requirements. The aim is to know the background so that the design can be matched to the level of security the business needs.

  2. Identify what is needed. The goal is to check which security controls are required. The aim is to understand the feature or change through a review of its requirements and structure, so as to identify the gaps and the appropriate controls for it.

  3. Locate where it should be done. The goal is to incorporate the existing architecture into the design and controls. The aim is to understand whether the need can inherit the controls we already have in our existing architecture, or whether a new one with appropriate controls, based on our baseline, must be established.

  4. Identify who will do it. The goal is to identify the user roles and the security level needed per role. The aim is to know whether adjustments to existing roles are needed, or whether a totally new role is required to perform the task.

  5. Understand how it will be delivered. The goal is to understand the process of doing it. The aim is to identify the gaps along the process and the controls needed to handle them.

Expected output: Security Gaps

Threat Modeling

Gaps identified by the screening process must be modeled. Threat modeling aims to identify the possible vulnerabilities or threats arising from the gaps. The modeling process is based on OWASP Threat Modeling.

  1. Assess scope. What are we working on? The goal is to understand how large or small the possible gap is. The aim is to get a high-level view of what could happen.

  2. Assess your work. Did we do a good job? The goal is to identify what improvements we could make to handle the gap. The aim is to know what else we could do to harden our architecture and prevent the situation in the long run.

  3. Identify what can go wrong. What can go wrong? The goal is to identify the threats, their trigger points and their possible effects. The aim is to know the possible situation if the threat is executed.

  4. Determine and rank threats. How severe could it be? Classify the threat itself, using STRIDE as the threat classification.

  5. Identify countermeasures or manage risk. What are we going to do about it? The goal is to identify a mitigation or risk management strategy. The aim is to know what we could do in the situation to address it.

Expected output: Identified threats from identified gaps.

Risk Analysis

Threats identified by the threat modeling process must be analyzed. Risk analysis aims to assess the possible risks of each threat and analyze their impact on the business and architecture. The risk analysis follows a Quantitative Risk Assessment.

  1. Identify the risks. What are the risks associated with the threat? The aim is to identify the possible risks due to the nature of the threat.

  2. Determine the probability. What is the likelihood that the risk could happen? The aim is to determine the chance that the risk will happen.

  3. Determine the impact. How severe could the outcome be? The aim is to determine the effect, how large it could be, and how it affects the business.

  4. Calculate the risk score. What is the rating? The aim is to rank the risks based on score. The higher the score, the higher the risk. Prioritize the highest.

Risk Rating = Probability x Impact

Expected output: Identified risks per identified threat.

Documentation

Lastly, to manage the identified gaps, threats, and risks, they should be documented and tracked using filed Jira tickets.

| Gap | Threat | Risk | Probability | Impact | Risk Rating | Action ticket |
|---|---|---|---|---|---|---|
| Insecure VPN certificates | Man-in-the-Middle Attack from … | Hacked network due to … | 4 - Likely to happen cause of … | 4 - Major damage cause … | 16 - High | App-123 |
| Insecure VPN certificates | Man-in-the-Middle Attack from … | Stolen Credentials on … | 3 - Possible to happen from … | 2 - Unlikely due to … | 6 - Medium | App-123 |
| Weak passwords | Stolen account due … | Exposed user data from … | 4 - Likely to happen from … | 5 - Catastrophic impact since … | 20 - High | App-135 |
| Weak passwords | Stolen account due … | Hijacked endpoint due … | 4 - Most likely since … | 4 - Major damage due … | 16 - High | App-135 |
| Weak passwords | Stolen account due … | Data breach on … | 3 - Possible to occur … | 5 - Catastrophic since … | 15 - High | App-136 |
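An added example, not part of this page's process documentation, that encodes the register above in Python, computes Risk Rating = Probability x Impact on the page's 1-5 scales, ranks the risks highest first, and flags rows whose hand-typed Risk Rating cell disagrees with the formula. The band thresholds, the tie-break on impact, the RiskEntry/rank/inconsistent names and the shortened row text are assumptions; the page states none of them.

```python
from dataclasses import dataclass

SCALE_MIN, SCALE_MAX = 1, 5  # the 1-5 probability and impact scales used in the register

# ASSUMPTION: the page does not state band thresholds; these reproduce its rows
# (6 -> Medium, 15 and above -> High). The floor for Low is assumed as well.
BANDS = ((15, "High"), (6, "Medium"), (1, "Low"))


@dataclass(frozen=True)
class RiskEntry:
    gap: str
    threat: str
    risk: str
    probability: int
    impact: int
    ticket: str
    recorded: str  # the "Risk Rating" cell as typed into the register, e.g. "16 - High"

    def rating(self) -> int:
        """Risk Rating = Probability x Impact, after validating both scales."""
        for name, value in (("probability", self.probability), ("impact", self.impact)):
            if not SCALE_MIN <= value <= SCALE_MAX:
                raise ValueError(f"{name}={value} out of range for {self.risk!r}")
        return self.probability * self.impact

    def band(self) -> str:
        score = self.rating()
        return next(label for floor, label in BANDS if score >= floor)

    def expected_cell(self) -> str:
        return f"{self.rating()} - {self.band()}"


# Constructed from the register rows above; the text after "..." is omitted as on the page.
REGISTER = [
    RiskEntry("Insecure VPN certificates", "Man-in-the-Middle Attack", "Hacked network", 4, 4, "App-123", "16 - High"),
    RiskEntry("Insecure VPN certificates", "Man-in-the-Middle Attack", "Stolen Credentials", 3, 2, "App-123", "6 - Medium"),
    RiskEntry("Weak passwords", "Stolen account", "Exposed user data", 4, 5, "App-135", "20 - High"),
    RiskEntry("Weak passwords", "Stolen account", "Hijacked endpoint", 4, 4, "App-135", "16 - High"),
    RiskEntry("Weak passwords", "Stolen account", "Data breach", 3, 5, "App-136", "15 - High"),
]


def rank(entries):
    """Highest rating first; ties are broken by impact (an added choice), so worse outcomes come first."""
    return sorted(entries, key=lambda e: (e.rating(), e.impact), reverse=True)


def inconsistent(entries):
    """Risks whose hand-typed Risk Rating cell disagrees with Probability x Impact and its band."""
    return [e.risk for e in entries if e.recorded != e.expected_cell()]
```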