In a business process, threat modeling is a way to identify both business objectives and threats to the business processes that are the foundation of those objectives. Threat modeling sets up countermeasures by specifying security protection requirements for mission-critical or sensitive information or data.
Threat modeling is both systematic and structured. In cybersecurity threat modeling aims to reduce, eliminate, or mitigate risk to the organization’s IT assets. Successful application of threat modeling provides a deeper process understanding for IT managers, who need to know the impact of potential threats and vulnerabilities and the risk to IT assets.
While different threat modeling frameworks and methods are used, they typically follow similar steps. Those steps include forming a team of organization stakeholders whose membership is diverse and can develop a comprehensive threat model. Next, there must be a general agreement on the scope of the model to focus either on the software application, the organization’s network, or the entire infrastructure. The brainstorming process and collaboration leverage the talents and buy-in of all concerned, as well as acceptance of responsibility in countering threats to the organization.
Once the scope of the threat landscape is defined, the targets can be pinpointed to determine if and where the threats exist. Answering “what-if…?” questions can result in several previously unanticipated threat scenarios. The threat modeling strategy would rank the identified threats through evaluating the outcome, e.g., financial losses and could result in shoring up data security and staff training.
Finally, the process involves documenting all the findings, including actions and mitigation applied to the threats. That documentation can be the basis for future changes to the software.