Threat Modeling

What Does Threat Modeling Mean?

Threat modeling is a systematic process for identifying and rating security-related threats to a specific information technology (IT) system. The process involves identifying security threats and rating them according to their severity and level of probability. Threat modeling plays an important role in risk management.

Advertisements

The goal of threat modeling is to evaluate attack surfaces, predict potential attack vectors and put procedures in place to lower the risk that an attack will be successful.

A well-developed threat model:

1. Documents how a particular information technology (IT) system is intended to function.

2. Identifies what attack vectors might be used against this particular system.

3. Explains what counter-measures have been put in place to protect the system.

Techopedia Explains Threat Modeling

Threat modeling is conducted early in the design phase of a system or application and is used to pinpoint the motives and attack vectors that could be used by an attacker. This involves thinking like an attacker and using two different types of models: a digital twin of what it is being built and a model of security threats likely to be used against it.

The strategies used to carry out threat modeling can be broadly divided into two groups, attack tree-based approaches and stochastic model-based approaches. Attack trees formally describe how secure a system is likely to remain against a variety of attacks. Stochastic models commonly convert system models to Markov chains to learn what dependencies might impact the probability that an attack will be successful.

Advertisements

Related Terms

Latest Artificial Intelligence Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Blockchain

Project Guardian: Singapore’s Plan for DeFi and Tokenization

Jinia Shawdagor2 years
dummy_img
Cloud Computing

The Top 8 Cloud Computing Podcasts

Linda Rosencrance2 years
dummy_img
Artificial Intelligence

The Rise of AI in Quantitative Finance – Mastering the Market with Math and Machines

Aayush Mittal2 yearsAI & ML Software Engineer
dummy_img
Investing

Largest BlackRock Shareholders: Who Owns the Most BLK Stock in 2023?

Indrabati Lahiri2 yearsFinancial Writer & Editor
dummy_img
Artificial Intelligence

10 Incredible Examples of AI-Generated Videos

Tim Keary2 yearsTechnology Expert
dummy_img
Featured Content

Coinbase Advanced Is the Pinnacle of Trust and Security for Those Trading Cryptocurrency – Here’s Why

Alan Draper2 yearsEditor-in-Chief

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Investing
Investing
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
VoIP
VoIP
VPN
VPN