This resource is no longer available
Threat modelling is an umbrella term covering a variety of powerful techniques for understanding the underlying causes of risks, enabling more effective risk management solutions to be designed and implemented.
Every possible risk is caused by one or more underlying threats, and identifying and understanding threats enables earlier and more complete risk mitigation. As yet, there is no generally accepted approach to threat modelling.
However, the shared aim of most techniques is to facilitate rapid, cost-effective exploration of leading indicators of future risks, allowing appropriate risk mitigation resources to be assigned in a timely manner.
In general, threat modelling should be performed actively throughout the development lifecycle of systems and software. Since it is impossible to predict all threats, even the best threat models are subject to errors and omissions.
A well-managed threat modelling process ensures that analysis of actual incidents and live threat intelligence feeds are used continuously to refine threat models. This article gives an overview of the value of threat modelling and describes some common modelling techniques.
- Vendor:
- TechTarget ComputerWeekly.com
- Posted:
- Feb 8, 2021
- Published:
- Mar 2, 2016
- Format:
- Type:
- Essential Guide
