Threat Modeling

Definition - What does Threat Modeling mean?

Threat modeling is a computer security optimization process that allows for a structured approach while properly identifying and addressing system threats. The process involves systematically identifying security threats and rating them according to severity and level of occurrence probability.

By identifying and rating these security threats through a solid understanding of the system or application, a security officer can logically address the threats, beginning with the most pressing.

[Free Harvard Research Report] Getting Workers More Comfortable With Technology Beyond Productivity Gains

Techopedia explains Threat Modeling

The basis for the creation of a threat model is the development of a security specification and subsequent testing of the integrity of that specification. The process is conducted early in the design phase of a system or application and used to pinpoint the motives and methods used by an attacker to identify system threats and vulnerabilities. In other words, threat modeling involves thinking like an attacker.

Threat modeling is geared toward accomplishing the following:

Identifying, investigating and rating potential threats and vulnerabilities
Identifying logical thought processes for defining the system's security
Creating a set of standard documents that can be used to create specifications and security testing and prevent future duplication of security efforts
Reducing threats and vulnerabilities
Defining the overall security level of a system or application