What Does Threat Modeling Mean?
Threat modeling is a systematic process for identifying security-related threats to a specific information technology (IT) system and rating them according to their severity and probability of occurrence. Threat modeling plays an important role in risk management.
The goal of threat modeling is to evaluate attack surfaces, predict potential attack vectors and put procedures in place to lower the risk that an attack will be successful.
A well-developed threat model:
1. Documents how a particular information technology (IT) system is intended to function.
2. Identifies what attack vectors might be used against this particular system.
3. Explains what countermeasures have been put in place to protect the system.
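A threat model holding the three elements listed above as data, with each threat rated and ranked; this is an added example, not part of the original page. The 1-5 scales, the severity-times-probability rating, and the sample system and threats are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SCALE = range(1, 6)  # assumed 1-5 ordinal scale; the page prescribes none

@dataclass
class Threat:
    name: str
    component: str        # part of the documented system the vector targets
    attack_vector: str
    severity: int
    probability: int
    countermeasures: list = field(default_factory=list)

    def rating(self):
        return self.severity * self.probability  # assumed risk-matrix product

@dataclass
class ThreatModel:
    system: str
    components: dict      # element 1: component name -> intended function
    threats: list = field(default_factory=list)  # elements 2 and 3

    def add(self, threat):
        # A threat must point at something the model actually documents.
        if threat.component not in self.components:
            raise ValueError(f"{threat.name}: undocumented component {threat.component!r}")
        if threat.severity not in SCALE or threat.probability not in SCALE:
            raise ValueError(f"{threat.name}: ratings must be within 1-5")
        self.threats.append(threat)

    def ranked(self):
        # Highest rating first; name breaks ties so the order is stable.
        return sorted(self.threats, key=lambda t: (-t.rating(), t.name))

    def unmitigated(self):
        return [t.name for t in self.ranked() if not t.countermeasures]

def build_sample():
    # Constructed sample system and threats, for illustration only.
    tm = ThreatModel("customer portal", {
        "login form": "authenticates customers with password and OTP",
        "report export": "lets staff download monthly CSV reports"})
    tm.add(Threat("credential stuffing", "login form",
                  "automated logins with leaked passwords", 4, 4, ["rate limiting", "OTP"]))
    tm.add(Threat("export link guessing", "report export", "predictable download URLs", 3, 2))
    tm.add(Threat("session theft", "login form", "cookie sent over plain HTTP", 5, 2, ["Secure cookie flag"]))
    return tm

if __name__ == "__main__":
    for t in build_sample().ranked():
        print(t.rating(), t.name, "|", ", ".join(t.countermeasures) or "NO COUNTERMEASURE")
```

Threats returned by `unmitigated()` are the ones the model identifies but does not yet answer with a countermeasure.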