Threat modelling is a process of identifying threats to a system (or components of a system) by modelling the system in question, identifying the vulnerabilities that exist, and the possible exploits which might make use of those vulnerabilities.
Systems can be modelled in a variety of ways, with the most common being asset-centric, attacker-centric or software-centric. which allows for different ways to understand how the system being modelled can be attacked.
Although there are no agreed list of steps which constitute a threat modelling process, the most common steps usually involve the following:
- Modelling the system and including components, connections, trust boundaries, and assets which need to be protected.
-
Analysing the model in a structured way to identify the way in which threats to the system exist and ways in which attacks could take place.
-
Finding protections against the attacks and implementing them.
Last updated: 2 September 2017