Threat modeling is a risk-based approach to securing your enterprise IT systems. It is based on identifying threats and ways of mitigating them.
Threat modeling is a method of identifying risks for all parts of your infrastructure and collaborating with the appropriate people to mitigate those risks. It means starting from the potential threats for your specific enterprise, rather than just following a checklist.
Threat modelling should help you identify threats and prioritize the most important ones.
There is no standard approach to what constitutes a threat model and creating an appropriate model for your enterprise isn’t simple.
Threat modelling is increasingly used in enterprises that work with modern software engineering practices.
What is it?
Threat modeling is a method of identifying risks for all parts of your IT systems and collaborating with the appropriate people to mitigate those risks. It means starting from the potential threats for your specific enterprise, rather than just following a checklist.
The core of the concept is very simple. It is about understanding the threats you face as an enterprise and the risks associated with. With this knowledge, you can protect your system in a risk-based way.
Learning threat modeling is a crucial skill for developers, we believe. We need an agile approach with security requirements built-in as first-class citizens and the correct use of tools to tame the complexity.
What’s in it for you?
The purpose of threat modeling is to create a risk-based approach to securing your enterprise — you focus on the threats that will impact you most.
It can also be an important part of establishing a culture of shared ownership, so that security is everyone’s problem. This shared responsibility can help your team react to potential issues earlier, before they are expensive to address.
What are the trade-offs?
The term 'threat model' is obscure technical jargon for most people adding unnecessary mystique. And if you research the topic of threat modeling, the information can be overwhelming and hard to action. There is no agreed standard for a 'threat model.'
Coming to understand the threat model for your system is not simple. There are an unlimited number of threats you can imagine to any system, and many of them could be likely. And many of the threats you can imagine can combine in unexpected, unpredictable, and even chaotic ways. Factors to do with culture, process, and technology all contribute.
This complexity and uncertainty are at the root of the cybersecurity problem. This is why security requirements are so demanding for software development teams to agree upon.
How is it being used?
Threat modeling is part of agile security practices, where software development teams build security into their software. Getting product owners involved is a great opportunity from a risk management perspective. Product owners have insights into user behaviour and business context that software developers simply lack. They should know about the value of particular services to the business and the impact if that data was exposed or lost.
Search for another topic
Would you like to suggest a topic to be decoded?
Just leave your email address and we'll be in touch the moment it's ready.