Threat Modeling, Decoded — Charting The Security Journey

Learn why threat modeling is an important step in protecting any connected system.


Connected systems are part of the modern world. There is virtually no aspect of life that is not available online, from shopping and booking tickets to dating, banking, and attending medical appointments. And these trends show no sign of stopping. On the contrary, many services are moving to digital-first or digital-only models, and every day, new products— from toasters to autonomous vehicles — are equipped with internet connectivity.

This is also good news for digital criminals. As the number of valuable targets reachable from the internet grows year after year, the digital underworld has professionalized, becoming a fertile ground for new threats and business models that put highly elaborate attacks in the reach of unskilled actors. With state-sponsored threats also on the rise, securing connected systems has become paramount.

To combat digital criminals, we must think like them, swap mindsets to understand what they are after and how they could compromise our systems to achieve it. Threat modeling formalizes this process, giving teams a way to assess the security of their system architecture and, based on the results, decide how to protect what they most value.

In this white paper, we introduce the reader to the world of threat modeling guided by three questions.

  • What is the point of threat modeling?
  • What does a comprehensive threat model methodology look like?
  • In which directions are threat modeling developing?

By C. Cummings, S. Figueroa, L. Zhao, and D-M. Gluba

Click here to read more.

Leave a Reply

(Note: This name will be displayed publicly)