Threat modelling is a process of identifying threats to a system (or components of a system) by modelling the system in question, identifying the vulnerabilities that exist, and the possible exploits which might make use of those vulnerabilities.

Systems can be modelled in a variety of ways, with the most common being asset-centric, attacker-centric or software-centric. which allows for different ways to understand how the system being modelled can be attacked.

Although there are no agreed list of steps which constitute a threat modelling process, the most common steps usually involve the following:

  • Modelling the system and including components, connections, trust boundaries, and assets which need to be protected.

  • Analysing the model in a structured way to identify the way in which threats to the system exist and ways in which attacks could take place.

  • Finding protections against the attacks and implementing them.


Last updated: 2 September 2017