Threat Modeling

What Does Threat Modeling Mean?

Threat modeling is a systematic process for identifying and rating security-related threats to a specific information technology (IT) system. The process involves identifying security threats and rating them according to their severity and level of probability. Threat modeling plays an important role in risk management.


The goal of threat modeling is to evaluate attack surfaces, predict potential attack vectors and put procedures in place to lower the risk that an attack will be successful.

A well-developed threat model:

1. Documents how a particular information technology (IT) system is intended to function.

2. Identifies what attack vectors might be used against this particular system.

3. Explains what counter-measures have been put in place to protect the system.

Techopedia Explains Threat Modeling

Threat modeling is conducted early in the design phase of a system or application and is used to pinpoint the motives and attack vectors that could be used by an attacker. This involves thinking like an attacker and using two different types of models: a digital twin of what it is being built and a model of security threats likely to be used against it.

The strategies used to carry out threat modeling can be broadly divided into two groups, attack tree-based approaches and stochastic model-based approaches. Attack trees formally describe how secure a system is likely to remain against a variety of attacks. Stochastic models commonly convert system models to Markov chains to learn what dependencies might impact the probability that an attack will be successful.


Related Terms

Latest Artificial Intelligence Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…