Current threat modeling methodologies and tools are biased toward systems under development. Organizations whose IT portfolio is made up of a large number of legacy systems, that run on fundamentally different and incongruous platforms and with little or no documentation, are left with few options. Rational, objective analysis of threats to assets and exploitable vulnerabilities requires, the portfolio to be represented in a consistent and understandable way based on a systematic, prescriptive, collaborative process that is usable but not burdensome. This paper describes a way to represent an IT portfolio from a security perspective using UML deployment diagrams and, subsequently, a process for threat modeling within that portfolio. To accomplish this, the UML deployment diagram was extended, a template created, and a process defined.

Arlow, J. and Neustadt, I. (2005) UML 2 and the Unified Process Second Edition, Addison-Wesley.

Howard, M., and LeBlanc, D., (2001) “Writing Secure Code (With CD-ROM)”, Microsoft Press 

ISO/IEC 27001:2005 “Information technology — Security techniques — Information security management systems – Requirements”

Jacobson, I., Booch, G., and Rumbaugh, J. (1999), “The Unified Modeling Language User Guide”, Addison-Wesley

Office of Management and Budget (2007), “Federal Enterprise Architecture Consolidated Reference Model Document Version 2.3”

Saitta, P., Larcom, B., Eddington, M. (2005), “Trike v.1 Methodology Document [Draft],”

Swiderski, F. and Snyder, W. (2004), “Threat Modeling,” Microsoft Press NIST Special Publication 800-53 (2007), “Recommended Security Controls for Federal Information Systems”, National Institute of Standards and Technology U.S. Department of Commerce