Introduction to threat modeling and risk assessment

What is Threat Modeling?

Threat modeling is a structured process with the goal of identifying security requirements, pinpointing security threats and potential vulnerabilities, quantifying threat and vulnerability criticality, and prioritizing remediation methods.

The Four Question Framework

Generally, we ask four basic questions to guide threat modeling: 1. What are we building? 2. What can go wrong? 3. What are we going to do about it? 4. Did we do a good job?

Applying this framework helps us secure systems proactively before they are deployed.