THREAT MODELING

Threat modeling is usually performed either on the initial steps of the Software Development Lifecycle (Inception, Design), or more holistically, in an organizational security overview, prioritizing the importance of assets and the risk of compromising those assets by malicious attacks or unplanned events.

 

The process involves defining enterprise assets, identifying what each application does (or will do) concerning these assets, creating a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the actions taken in each case.