What is Threat Modeling: Process and Methodologies

As hacking incidents continue to increase, cybersecurity has become a top priority in today’s digital world. With more aspects of our lives moving online, both businesses and individuals have a lot to lose from security breaches.

To address this concern, cybersecurity professionals are utilizing a variety of defenses and countermeasures to protect sensitive information and transactional data. Given the vast number and types of attacks currently available, this is a monumental task.

To address this challenge, threat modeling has emerged as a crucial component in the field of cybersecurity. In this article, we will delve into the concept of threat modeling in cybersecurity, its importance, and the various methodologies available.

Intro to Threat Modelling

Threat Modeling is a method of optimizing network security by finding vulnerabilities, identifying objectives, and developing countermeasures to prevent or reduce the effects of cyber attacks on systems.

While security teams within the organization can perform Threat Modeling at any point during development, doing so early in the project is best practice. This way, threats can be identified quickly and dealt with before they become problems.

Threat Modeling Process

The Threat Modeling process consists of defining enterprise assets, identifying the functions used in each application in the grand scheme, and building a security profile for each application.

The process continues by identifying and prioritizing potential threats, then documenting the hazardous events and what actions should be taken to resolve them.

In layperson’s terms, Threat Modeling is taking a step back to assess an organization’s digital and network assets, identify weak points, determine existing threats, and determine future plans to protect or recover.

While the term Threat Modeling may sound foreign, you would be surprised how little attention is paid to security in some sectors.

We’re talking about a world where some people use “Password” as a password yet still leave their mobile devices unattended.

With that said, it’s no surprise that many organizations and businesses still need to consider the idea of Threat Modeling.

Threat Modelling Methodology

There are many ways to defend against the various types of cyber attacks. One of them is to use a Threat Modeling methodology. Here are the ten most popular Threat Modeling methodologies currently in use.

1. STRIDE

STRIDE, the Threat Modeling methodology developed by Microsoft, is used to identify security threats, which are divided into six categories, namely:

Spoofing: Intruders impersonating other users, components, or system features that contain identities in the modeled system.

Tampering: Alteration of data in systems to achieve malicious purposes.

Repudiation: The ability of an intruder to deny having carried out some malicious activity, in the absence of sufficient evidence.

Information Disclosure: Exposure of protected data to unauthorized users.

Denial of Service: Intruders use unauthorized means to obtain services so that other users cannot access these services.

Elevation of Privilege: Allows intruders to execute unauthorized commands and functions.

2. DREAD

DREAD was proposed as a methodology for Threat Modeling, but Microsoft discontinued it in 2008 due to inconsistent ratings. OpenStack and many other organizations still use DREAD today. This methodology is essentially a way to rank and assess security risks, which are divided into five categories, namely:

Damage Potential: Measures the level of damage resulting from exploited weaknesses.

Reproducibility: Measures the ease with which an attack can be reproduced.

Exploitability: Measures the effort required to launch an attack.

Affected Users: Measures how many users would be affected if the exploit became widely available.

Discoverability: Measures how easy it is to find threats.

3. PASTA

PASTA stands for Process for Attack Simulation and Threat Analysis. This methodology has seven steps centered on risk.

This methodology is used for dynamic threat identification, enumeration, and assessment processes. Once the experts have analyzed the identified threats in detail, the developer can develop an asset-centric mitigation strategy by analyzing the application through an attacker-centric view.

4. Trike

Trike focuses on using threat modeling as a risk management tool. The threat model is built based on the requirements model and establishes an ‘acceptable’ risk level determined by stakeholders to be assigned to each asset class.

Requirements model analysis generates a threat model in which threats are identified and assigned a risk score. The completed threat model is then used to build a quantifiable risk model, factoring in actions, assets, roles, and risk exposure.

5. VAST

VAST stands for Visual, Agile, and Simple Threat. This methodology provides actionable output for the specific needs of various stakeholders such as application architects and developers, cyber security personnel, etc.

VAST offers unique application and infrastructure visualization planning so that the creation and use of threat models do not require particular expertise in security.

6. Attack Tree

The Attack Tree methodology is a conceptual diagram that shows how an asset or target can be attacked. It consists of a root node with branching nodes that can be added.

A child node is a condition that must be met to make its direct parent node true. Each node is directly related to the child nodes below it.

This methodology has ‘AND’ and ‘OR’ options, which describe alternative steps to achieve a goal.

7. Common Vulnerability Scoring System (CVSS)

This method provides a way to capture the key characteristics of a vulnerability and assign a numerical score (ranging from 0-10, with 10 being the worst) indicating how severe it is.

Scores are then translated into qualitative representations (e.g., Low, Moderate, High, and Critical). This representation helps organizations effectively assess and prioritize unique vulnerability management processes.

8. T-MAP

T-MAP is commonly used in Commercial Off the Shelf (COTS) systems to calculate attack path weights. This model incorporates UML class diagrams, including access classes, vulnerabilities, target assets, and affected values.

9. OCTAVE

The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) process is a risk-based strategic assessment and planning method. OCTAVE focuses on assessing organizational risk only and does not address technology risk. OCTAVE has three phases, namely:

  1. Build an asset-based threat profile. (Organizational evaluation).
  2. Identify infrastructure vulnerabilities. (Information infrastructure evaluation).
  3. Develop and plan security strategy. (Risk evaluation of critical assets and corporate decision-making).

10. Quantitative Threat Modeling Method

This hybrid method combines attack trees, STRIDE, and CVSS methods. This methodology addresses some pressing issues with Threat Modeling for cyber-physical systems that contain complex interdependencies within each component.

The first step is to build component attack trees for the STRIDE categories. These trees describe dependencies in attack categories and component attributes at a low level. Then the CVSS method is applied to calculate the scores of all tree components.
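The following added example (not part of the original article) combines the AND/OR attack trees from section 6 with the per-STRIDE-category scoring described above, and shows which countermeasure lowers a tree's score the most. The component, node names and 0-10 scores are constructed, and the propagation rule is an assumption, since the article does not give one: OR takes the highest child score, AND the lowest, and one mitigated child blocks an AND.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    gate: str = "LEAF"        # "AND", "OR" or "LEAF"
    score: float = 0.0        # leaves only: constructed 0-10 score
    mitigated: bool = False   # leaves only: countermeasure already in place
    children: list = field(default_factory=list)

def evaluate(node):
    """Residual score of a node; 0.0 means the condition can no longer be met."""
    if node.gate == "LEAF":
        return 0.0 if node.mitigated else node.score
    scores = [evaluate(child) for child in node.children]
    if node.gate == "AND":    # all children required: one blocked child blocks the parent
        return 0.0 if 0.0 in scores else min(scores)
    return max(scores)        # OR: any child suffices, the worst open branch dominates

def leaves(node):
    if node.gate == "LEAF":
        yield node
    for child in node.children:
        yield from leaves(child)

def best_mitigation(root):
    """Name of the open leaf whose mitigation lowers the root score the most."""
    results = {}
    for leaf in (l for l in leaves(root) if not l.mitigated):
        leaf.mitigated = True             # try the countermeasure...
        results[leaf.name] = evaluate(root)
        leaf.mitigated = False            # ...and restore the model
    return min(results, key=results.get) if results else None

# Constructed model of one component ("backup service"), one tree per STRIDE category.
TREES = {
    "Information Disclosure": Node("backup contents exposed", "OR", children=[
        Node("storage readable without authentication", score=7.5),
        Node("stolen media is readable", "AND", children=[
            Node("backups stored unencrypted", score=6.5),
            Node("media leaves the site untracked", score=4.0)])]),
    "Tampering": Node("backup altered unnoticed", "AND", children=[
        Node("write access shared across teams", score=5.5),
        Node("no integrity check on restore", score=8.0)]),
}

def rank(trees):
    """STRIDE categories ordered by residual root score, highest first."""
    return sorted(((cat, evaluate(t)) for cat, t in trees.items()), key=lambda p: -p[1])
```

With the constructed data, the Information Disclosure tree ranks first until its unauthenticated-storage leaf is marked mitigated, after which only the AND branch remains and Tampering moves to the top.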
