Microsoft has released a new retail threat modelling whitepaper developed by its Enterprise Services Cyber Security practice.
A Systematic Method to Understand Security Risks in a Retail Environment presents best practices around protecting consumer personally identifiable information (PII), including payment and customer loyalty data.
Vic Miles, Microsoft retail technology strategist, explained the concept to OnWindows: “We recognise that all retail systems will come under attack at some point. But in this whitepaper, we present strategies to ensure retailers can be certain that all points between which data passes are secure.
“It’s not about antivirus software, it’s about making sure that PII information is secure.”
In the whitepaper, Microsoft used a combination of skills, including enterprise systems security expertise and retail domain expertise, to define a process called ‘retail threat modelling’.
The methodology identifies potential threats through a process known as the STRIDE approach, which is part of the Microsoft Trustworthy Computing Security Development Lifecycle.
Effective threat modelling systematically identifies threats, and from that exploration appropriate mitigations and defences can be determined.
“The threat modelling process defined in this whitepaper allows retailers to methodically model the threat level from point to point,” said Miles. “It enables retailers to understand where their weak links are, how they can determine the inherent risk in their systems, and to make sure appropriate defences are in place when they are subject to an attack. An analogy for this is with a good sports team. If everybody plays their role then the job gets done, but you are only as good as your weakest player. It’s about being proactive, rather than reactive.”
For more information on how Microsoft can help mitigate security risks, download the retail threat modelling whitepaper.