Threat Modelling

Dolapo Omodeni

Threat modeling works by identifying the types of threat agents that cause harm to an application or computer system. It adopts the perspective of malicious hackers to see how much damage they could do.

When conducting threat modeling, organizations perform a thorough analysis of the software architecture, business context, and other artifacts (e.g., functional specifications, user documentation). This process enables a deeper understanding and discovery of important aspects of the system. Typically, organizations conduct threat modeling during the design stage of a new application (though it can occur at other stages) to help developers find vulnerabilities and become aware of the security implications of their design, code, and configuration decisions. Generally, developers perform threat modeling in four steps:

  • Diagram. What are we building?
  • Identify threats. What could go wrong?
  • Mitigate. What are we doing to defend against threats?
  • Validate. Have we acted on each of the previous steps?
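
The four steps above, carried through for a small constructed web application, as an added example that is not part of the original article. It assumes STRIDE-per-element as the threat catalogue (the article names no method); the element names, trust zones and mitigations are constructed.

```python
from dataclasses import dataclass
# STRIDE-per-element chart: an assumption of this example, the article names no method.
STRIDE = {
    "external":  ["Spoofing", "Repudiation"],
    "process":   ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                  "Denial of service", "Elevation of privilege"],
    "datastore": ["Tampering", "Information disclosure", "Denial of service"],
    "dataflow":  ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # key into STRIDE
    zone: str  # trust zone the element runs in

# Step 1, Diagram: a constructed three-element web application and its data flows.
browser = Element("Browser", "external", "internet")
api = Element("Orders API", "process", "dmz")
db = Element("Orders DB", "datastore", "internal")
FLOWS = [(browser, api), (api, db)]

def identify(flows):
    """Step 2: list (target, threat) pairs per element and per flow crossing a trust boundary."""
    threats, seen = [], set()
    for src, dst in flows:
        for e in (src, dst):
            if e.name not in seen:
                seen.add(e.name)
                threats += [(e.name, t) for t in STRIDE[e.kind]]
        if src.zone != dst.zone:  # boundary crossing: the flow itself is a target
            threats += [(f"{src.name} -> {dst.name}", t) for t in STRIDE["dataflow"]]
    return threats

# Step 3, Mitigate: constructed design decisions keyed by (target, threat).
MITIGATIONS = {
    ("Browser", "Spoofing"): "OIDC login with MFA",
    ("Browser -> Orders API", "Tampering"): "TLS between client and API",
    ("Orders API", "Elevation of privilege"): "Per-route authorization checks",
    ("Orders DB", "Tampering"): "Parameterized queries, least-privilege DB role",
}

def validate(threats, mitigations):
    """Step 4: return every identified threat that has no recorded mitigation."""
    return [t for t in threats if t not in mitigations]

if __name__ == "__main__":
    for target, threat in validate(identify(FLOWS), MITIGATIONS):
        print(f"UNMITIGATED  {target}: {threat}")
```

Running it lists the threats that still need a decision, which is the output a design review would work through.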