Threat modeling
Threat modeling
A proactive cybersecurity practice used to systematically identify, assess, and mitigate potential security threats before systems are attacked. Rather than reacting to incidents, organizations use threat modeling during design, development, and planning to understand what could go wrong, how, and with what business impact.
What threat modeling is (in simple terms)
Threat modeling answers four core questions:
- What are we building?
→ Understand the system, architecture, data flows, users, and assets.
2. What can go wrong?
→ Identify threats, vulnerabilities,
and attack paths.
3. What are we going to do about it?
→ Decide security controls and
mitigations.
4. Did we do a good job?
→ Validate, test, and review
assumptions.
This makes threat modeling both technical and business-oriented.
Why threat modeling is important
Threat modeling helps organizations:
- Prevent security incidents early (cheaper than fixing later)
- Prioritize risks based on business impact
- Improve secure system design
- Support compliance (e.g., GDPR, ISO 27001)
- Align IT security with business strategy
Instead of protecting everything equally, threat modeling focuses on what matters most.
Common threat modeling framework: STRIDE
Shostack popularized the STRIDE model, which categorizes threats into six types:
- Spoofing – pretending to be someone else
- Tampering – altering data or systems
- Repudiation – denying actions taken
- Information disclosure – data leaks
- Denial of service – system outages
- Elevation of privilege – gaining higher access
STRIDE helps teams systematically think through threats rather than guessing.
Example (business-oriented)
Imagine a CRM system:
- Asset: Investor and startup data
- Threat: Unauthorized access
- Vulnerability: Weak role-based access control
- Impact: GDPR violation, reputational damage
- Mitigation: Strong authentication, access logging, role separation
This shows how threat modeling connects technology → risk → business impact → solution.
Why Shostack emphasizes “proactive”
Why Shostack emphasizes “proactive”
Why Shostack emphasizes “proactive”
According to Adam Shostack, threat modeling should be:
- Continuous (not one-time)
- Integrated into system design
- Collaborative (developers, business, security)
This mindset shifts security from being a technical afterthought to a strategic capability.
Summary
Threat modeling is a structured, proactive method for identifying and analyzing security threats and vulnerabilities by linking system weaknesses to potential business impacts, enabling informed risk-based security decisions.