The first step in any journey to solving a problem is to understand the situation. For cyber-security this is no different, and threat modelling is a powerful approach to gaining a clear understanding of the risks and threats to your organisation.
This allows you to set strategy, prioritise resources, make changes and enhance maturity over time. Threat modelling can be applied at all scales, from a specific device, product or service all the way up to an entire organisation or industry sector.
Threat modelling is the starting point for a robust, coherent and cost-effective risk management strategy
Detailed threat models help you focus on specific issues
Provide valuable insight for many other cyber security activities
Threat models provide a focus to revise and update risks over time
Threat modelling is a powerful approach for identifying cyber risks to a system or organisation. Threat modelling can be applied at all scales, from a specific device, product or service all the way up to an entire organisation or industry sector.
Threat modelling begins by describing the scope of the digital and/or information assets of value. These systems are examined to understand their vulnerabilities and dependencies: the internal and external resources that they rely on to function, and the weaknesses or deficiencies that they contain.
The threats these assets face are also described, from sophisticated nation-state hackers to supply-chain compromise and employee error. These are characterised according to capability, opportunity, and intent, which provides a deeper understanding of how they manifest and how they can be risk-managed.
Once these elements have been defined, specialist techniques are used to derive the types of cyber risk events which might occur. The output is a model which describes the sources or causes of risks, the risk events themselves, the ways in which they could occur, and the impacts these risks would have on the organisation.
Threat modelling is primarily used to provide a comprehensive understanding of the cyber risks faced by a system or organisation. The way the output is structured allows quick and easy identification of targeted measures to manage those risks. Threat modelling can therefore be used to design a variety of threat-led cyber risk management activities, from ingesting custom threat intelligence reporting and Indicators of Compromise, to designing secure systems and protections, monitoring and detection mechanisms, conducting threat hunting, and delivering cyber incident response capabilities.