Definition - What does Threat Modeling mean?
Threat modeling is a computer security optimization process that provides a structured approach to identifying and addressing system threats. The process involves systematically identifying security threats and rating them according to severity and probability of occurrence.
By identifying and rating these security threats through a solid understanding of the system or application, a security officer can logically address the threats, beginning with the most pressing.
Techopedia explains Threat Modeling
The basis for the creation of a threat model is the development of a security specification and subsequent testing of the integrity of that specification. The process is conducted early in the design phase of a system or application and is used to pinpoint an attacker's motives and methods in order to identify system threats and vulnerabilities. In other words, threat modeling involves thinking like an attacker.
Threat modeling is geared toward accomplishing the following:
- Identifying, investigating and rating potential threats and vulnerabilities
- Identifying logical thought processes for defining the system's security
- Creating a set of standard documents that can be used to create specifications and security tests, and to prevent future duplication of security efforts
- Reducing threats and vulnerabilities
- Defining the overall security level of a system or application