Threat modelling is a process of identifying threats to a system (or components of a system) by modelling the system in question, identifying the vulnerabilities that exist, and the possible exploits which might make use of those vulnerabilities.
Systems can be modelled in a variety of ways, with the most common being asset-centric, attacker-centric or software-centric. which allows for different ways to understand how the system being modelled can be attacked.
Although there are no agreed list of steps which constitute a threat modelling process, the most common steps usually involve the following:
- Modelling the system and including components, connections, trust boundaries, and assets which need to be protected.
Analysing the model in a structured way to identify the way in which threats to the system exist and ways in which attacks could take place.
Finding protections against the attacks and implementing them.
Last updated: 2 September 2017