Threat modelling is a critical component of an organisation’s cybersecurity and risk management framework. The process identifies potential threats, assesses vulnerabilities, and drives the implementation of effective controls.

Key outputs of a threat modelling exercise in a large organisation will include:

1. Threat Model Diagram. A visual representation of systems, data flows, and trust boundaries. Common formats include Data Flow Diagrams (DFDs) or Process Flow Diagrams, highlighting how data moves through the system and where risks may emerge.

2. Threat Inventory and Analysis. A comprehensive list of identified threats, such as phishing, insider threats, and DDoS attacks. Frameworks such as STRIDE can be helpful to identify and classify threats (STRIDE = Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).

3. Risk Assessment. An analysis of the likelihood and impact of each threat, typically presented in a risk matrix. For the analysis to move further up the organisational chain, it can be helpful to map threats to existing risk frameworks, such as operational risk categories.

4. Vulnerabilities and Weaknesses. Identified gaps in security controls. This section highlights areas requiring immediate attention, as well as those less urgent that would improve overall security posture.

5. Mitigation Strategies and Controls. A list of recommended security measures and controls to reduce or eliminate identified threats. This is where organisations will likely align controls with those frameworks already in use.

6. Residual Risk and Acceptance. An evaluation of the remaining risks after implementing controls. This includes documentation of risk acceptance decisions, typically signed off up the chain to accountable executives, or their delegates.

7. Assumptions and Dependencies. Documented assumptions and dependencies, particularly where the organisation does not control the process, such as reliance on shared services, third-party security controls or cloud provider security measures.

8. Action Plan and Ownership. A clear roadmap with specific actions, target dates or deadlines, and named owners for each task.
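The outputs above can be produced from a small, structured model rather than a free-form document, which makes the threat inventory reproducible and the risk scoring auditable. The following is an added worked example, not code from the original article: it builds a toy Data Flow Diagram with trust zones, derives a STRIDE threat inventory using the STRIDE-per-element mapping from Microsoft's SDL (external entity: S, R; process: all six; data store: T, R, I, D; data flow: T, I, D), scores each threat on a 5x5 likelihood-by-impact matrix, applies a control to obtain residual risk, and lists what still needs an owner. The element names, zones, default scores, band thresholds and the control are all constructed assumptions for illustration.

```python
"""Added example (not from the original article): a minimal threat-model worksheet
that turns a toy DFD into a STRIDE inventory, a risk matrix, residual risk and an
action plan. Names, scores and thresholds are constructed assumptions."""
from dataclasses import dataclass

# STRIDE-per-element mapping as used in Microsoft SDL threat modelling:
# which categories are worth considering for each kind of DFD element.
STRIDE_PER_ELEMENT = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}
STRIDE_NAMES = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}
BANDS = ["Low", "Medium", "High"]  # risk matrix bands, lowest to highest


@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # external_entity | process | data_store
    trust_zone: str  # constructed zones: internet, dmz, internal


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_trust_boundary(self) -> bool:
        # A flow between different trust zones crosses a trust boundary.
        return self.src.trust_zone != self.dst.trust_zone


@dataclass
class Threat:
    target: str
    category: str
    likelihood: int = 3          # 1 (rare) .. 5 (almost certain); assumed default
    impact: int = 2              # 1 (negligible) .. 5 (severe); assumed default
    control: str = ""            # mitigation applied, if any
    likelihood_reduction: int = 0  # how far the control lowers likelihood
    owner: str = "unassigned"

    @property
    def inherent_score(self) -> int:
        return self.likelihood * self.impact

    @property
    def residual_score(self) -> int:
        # Residual risk: likelihood after the control, floored at 1, times impact.
        return max(1, self.likelihood - self.likelihood_reduction) * self.impact


def risk_band(score: int) -> str:
    """Map a 1..25 likelihood x impact score onto three bands (assumed thresholds)."""
    if score >= 15:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def enumerate_threats(elements, flows):
    """Threat inventory: every applicable STRIDE category per element and per flow.
    Flows crossing a trust boundary start with a higher default likelihood."""
    threats = []
    for e in elements:
        for c in STRIDE_PER_ELEMENT[e.kind]:
            threats.append(Threat(e.name, STRIDE_NAMES[c]))
    for f in flows:
        likelihood = 4 if f.crosses_trust_boundary() else 2
        for c in STRIDE_PER_ELEMENT["data_flow"]:
            threats.append(Threat(f.name, STRIDE_NAMES[c], likelihood=likelihood))
    return threats


def find_threat(threats, target, category):
    return next(t for t in threats if t.target == target and t.category == category)


def action_plan(threats, accept_below="Medium"):
    """Threats whose residual band is at or above the threshold need an owner and a
    deadline; those below it are candidates for documented risk acceptance."""
    threshold = BANDS.index(accept_below)
    return [t for t in threats if BANDS.index(risk_band(t.residual_score)) >= threshold]


def build_example_model():
    # Constructed three-element DFD: browser -> web app -> database.
    customer = Element("Customer browser", "external_entity", "internet")
    web = Element("Web app", "process", "dmz")
    db = Element("Orders DB", "data_store", "internal")
    flows = [Flow("Customer -> Web app", customer, web),
             Flow("Web app -> Orders DB", web, db)]
    threats = enumerate_threats([customer, web, db], flows)
    # Analyst assessment of one threat plus the control that mitigates it.
    t = find_threat(threats, "Web app -> Orders DB", "Information Disclosure")
    t.impact = 5
    t.control = "TLS with mutual authentication on the DB link"
    t.likelihood_reduction = 2
    t.owner = "platform-team"
    return threats


if __name__ == "__main__":
    for t in build_example_model():
        print(f"{t.target:22} {t.category:24} inherent={risk_band(t.inherent_score):6} "
              f"residual={risk_band(t.residual_score):6} owner={t.owner}")
```

Running the script prints one row per threat with its inherent and residual band and owner; the one assessed threat drops from High to Medium after the control, while the six boundary-crossing flow threats remain on the action plan until someone owns them. The acceptance threshold in `action_plan` is the point where the sign-off described under Residual Risk and Acceptance would apply.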
