{"id":51664,"date":"2021-12-06T07:44:34","date_gmt":"2021-12-06T02:14:34","guid":{"rendered":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/"},"modified":"2024-03-07T12:28:01","modified_gmt":"2024-03-07T06:58:01","slug":"what-is-threat-modeling-and-how-does-it-work","status":"publish","type":"post","link":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/","title":{"rendered":"What Is Threat Modeling and How Does It Work?"},"content":{"rendered":"\n<ul class=\"wp-block-list\">\n<li><a href=\"#What is threat modeling?\">What is threat modeling?<\/a><\/li>\n\n\n\n<li><a href=\"#Threat Modeling Steps\">Threat Modeling Steps<\/a><\/li>\n\n\n\n<li><a href=\"#Why is threat modeling necessary?\">Why is threat modeling necessary?<\/a><\/li>\n\n\n\n<li><a href=\"#How does threat modeling work?\">How does threat modeling work?<\/a><\/li>\n\n\n\n<li><a href=\"#Threat modeling best practices\">Threat modeling best practices<\/a><\/li>\n\n\n\n<li><a href=\"#How to measure the effectiveness of threat modeling?\">How to measure the effectiveness of threat modeling?<\/a><\/li>\n\n\n\n<li><a href=\"#Advantages of threat modeling\">Advantages of threat modeling<\/a><\/li>\n\n\n\n<li><a href=\"#How to choose Threat Modeling Method?\">How to choose Threat Modeling Method?<\/a><\/li>\n\n\n\n<li><a href=\"#Threat modeling tools\">Threat modeling tools<\/a><\/li>\n\n\n\n<li><a href=\"#Common Threat Modeling Misconceptions\">Common Threat Modeling Misconceptions<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what-is-threat-modeling\"><strong>What is threat modeling?<\/strong><\/h2>\n\n\n\n<p>Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations. Threat modeling is a key responsibility for any cybersecurity team to protect their organization with an analysis of what security controls are required based on the current threat landscape, and target system.<\/p>\n\n\n\n<p>Threat modeling is a collaboration between Security Architects, Security Operations, and the threat intelligence team to understand each other\u2019s challenges.<\/p>\n\n\n\n<p>Threat modeling can be applied to software, applications, systems, networks, distributed systems, Internet of Things (IoT) devices, and business processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"threat-modeling-steps\"><strong>Threat Modeling Steps<\/strong><\/h2>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"there-are-five-major-threat-modeling-steps\"><strong>There are five major threat modeling steps:<\/strong><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;Defining security requirements.&nbsp;<\/li>\n\n\n\n<li>&nbsp;Creating an application diagram.&nbsp;<\/li>\n\n\n\n<li>&nbsp;Identifying threats.&nbsp;<\/li>\n\n\n\n<li>&nbsp;Mitigating threats.&nbsp;<\/li>\n\n\n\n<li>&nbsp;Validating that threats have been mitigated.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-is-threat-modeling-necessary\"><strong>Why is threat modeling necessary?<\/strong><\/h2>\n\n\n\n<p>IT systems are increasingly vulnerable to <a href=\"https:\/\/www.mygreatlearning.com\/blog\/types-of-cyber-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyber attacks<\/a> as organisations become more digital. The increasing use of mobile devices broadens the threat landscape. Startups are not immune to cyberattacks; in fact, they may be more vulnerable because they lack adequate cybersecurity measures. As a result, threat modelling is essential for organisational security because it is a proactive method of detecting threats. This approach results in insecure applications, and resources are used effectively by prioritising anticipated threats.<\/p>\n\n\n\n<p>Threat modeling can be approached in three different ways:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Asset-centric<\/li>\n\n\n\n<li>Attacker-centric<\/li>\n\n\n\n<li>Software-centric<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-does-threat-modeling-work\"><strong>How does threat modeling work?<\/strong><\/h2>\n\n\n\n<p>Threat modelling works by identifying the different types of threat agents and analysing the software architecture and business context. Threat modelling is used by organisations during the design stage to assist developers in identifying vulnerabilities and becoming aware of the security implications of their design. Developers typically perform threat modelling in four steps:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Diagram.&nbsp;<\/li>\n\n\n\n<li>Identify threats.&nbsp;<\/li>\n\n\n\n<li>Mitigate.&nbsp;<\/li>\n\n\n\n<li>Validate.<\/li>\n<\/ul>\n\n\n\n<p>Check out this course on <a href=\"https:\/\/www.mygreatlearning.com\/academy\/learn-for-free\/courses\/model-deployment-in-r\" target=\"_blank\" rel=\"noreferrer noopener\">Model Deployment in R<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"threat-modeling-best-practices\"><strong>Threat modeling best practices<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Start early<\/li>\n\n\n\n<li>Collect input<\/li>\n\n\n\n<li>Usage of tools<\/li>\n\n\n\n<li>Risk tolerance<\/li>\n\n\n\n<li>Educate everyone&nbsp;<\/li>\n\n\n\n<li>Define the scope and depth of analysis<\/li>\n\n\n\n<li>Do not try to tackle all vulnerabilities in one go<\/li>\n\n\n\n<li>Set a time frame for the threat modeling activity<\/li>\n\n\n\n<li>Gain a visual understanding of what you\u2019re threat modeling.&nbsp;<\/li>\n\n\n\n<li>Model the attack possibilities<\/li>\n\n\n\n<li>Identify threats.&nbsp;<\/li>\n\n\n\n<li>Use existing resources<\/li>\n\n\n\n<li>Create a traceability matrix of missing or weak security controls.&nbsp;<\/li>\n\n\n\n<li>Decide on which method to use based on your app and businessCreate an easily accessible document<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-measure-the-effectiveness-of-threat-modeling\"><strong>How to measure the effectiveness of threat modeling?<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Common Vulnerability Scoring System (CVSS):  <\/strong>CVSS produces standardized vulnerabilities scores that can be calculated with a free online tool.<\/li>\n\n\n\n<li><strong>Penetration testing<\/strong>: <a href=\"https:\/\/www.mygreatlearning.com\/blog\/introduction-to-penetration-testing\/\" target=\"_blank\" rel=\"noreferrer noopener\">Penetration testing<\/a> is the process of staging dummy attacks on a system to measure its strengths and weaknesses.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"advantages-of-threat-modeling\"><strong>Advantages of threat modeling<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Automatically Update Risk Exposure<\/li>\n\n\n\n<li>Maintain Accurate and Up-to-Date Risk Profile<\/li>\n\n\n\n<li>Reduce Attack Surface and Promote Consistent Security Policy Enterprise-Wide<\/li>\n\n\n\n<li>Mitigate Risk Enterprise-Wide<\/li>\n\n\n\n<li>Produce Measurable Security<\/li>\n\n\n\n<li>Align Mitigation Strategy with Budgets<\/li>\n\n\n\n<li>Leverage Real-Time Threat Intelligence<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"threat-modeling-tools\"><strong>Threat modeling tools<\/strong><\/h2>\n\n\n\n<p>A threat modeling tool enables you to identify all possible security threats during the design stage of the product.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"8-must-have-features-of-threat-modeling-tools\"><strong>&nbsp;<\/strong>8 Must-Have Features of Threat Modeling Tools<strong>&nbsp;<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-image is-style-default\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/8Z7ZOq7Tm6ucuCb7zuo2CbfGTUOJGN85aYJsCISLzrExCiyf03LjptsIeyFJ7Ooll35u0sdBys_N-4icqqShjmC8YzM8WK_LHeOTp4IdUHWXE-4UDU_s3HktjBi8_0k1RD_2uXjD\" alt=\" 8 Must-Have Features of Threat Modeling Tools \"\/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Kenna.VM<strong>: <\/strong>This is a security offering that reports an application\u2019s risk posture with empirical metrics.<\/li>\n<\/ol>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>This has a unique algorithm to calculate risk metrics of vulnerabilities.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>This is subscription-based, with costs calculated based on the number of assets.<br><\/li>\n<\/ul>\n\n\n\n<p>2. Microsoft Threat Modeling Tool<strong>: <\/strong>This is an open-source tool that follows spoofing, tampering, repudiation, information disclosure.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>This tool has comprehensive documentation and tutorials available.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>The Microsoft Threat Modeling Tool is open source, so there is no pricing involved.<\/li>\n<\/ul>\n\n\n\n<p>3. OWASP Threat Dragon<strong>:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>The main advantage of the OWASP Threat Dragon is its powerful rule engine.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>OWASP Threat Dragon is open-source, so it comes at zero cost to the company.<\/li>\n<\/ul>\n\n\n\n<p>4. SDElements by Security Compass:  SDElements offers a smooth translation of policy into the procedure.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>The USP of SDElements is its abundant integration with a variety of testing tools.&nbsp;<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>SDElements follows three versions one can pick from \u2014 Express, Professional, and Enterprise.<\/li>\n<\/ul>\n\n\n\n<p>5.  SecuriCAD by Foreseeti<strong>: <\/strong>SecuriCAD is a threat modeling tool that creates attack simulations&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>SecuriCAD offers attack simulations.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>It starts from $1380. The Community edition is free.<\/li>\n<\/ul>\n\n\n\n<p>6. Threagile<strong>: <\/strong>Threagile, is an open-sourced, code-based threat modeling tool kit.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>It is the most comprehensive code-driven threat methodology tool.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>Free<\/li>\n<\/ul>\n\n\n\n<p>7. ThreatModeler:<strong> <\/strong>ThreatModeler is a heavyweight in this landscape, offering security and automation throughout the enterprise\u2019s development life cycle. It has three editions \u2014 Community, Appsec, and Cloud.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>&nbsp;<strong>Unique features: <\/strong>ThreatModeler is the first commercially available and automated threat modeling tool. Its VAST methodology offers a holistic view of the attack surface.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>This tool is based on annual subscription-based licenses, with no limit on the number of users.<\/li>\n<\/ul>\n\n\n\n<p>8. Tutamantic: Tutamantic aims to create a living threat model that changes with design.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unique features: <\/strong>This tool uses Rapid Threat Model Prototyping, which is achieved with a consistent framework, repeatable process, and measurable data.<\/li>\n\n\n\n<li><strong>Pricing model: <\/strong>Tutamantic is free for all in Beta.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-choose-threat-modeling-method\"><strong>How to choose Threat Modeling Method?<\/strong><\/h2>\n\n\n\n<p> There are several key factors you should consider when adopting a threat method:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Your industry (and associated threats and risks)<\/li>\n\n\n\n<li>Your security department\u2019s size<\/li>\n\n\n\n<li>The make-up of your organization (and stakeholders)<\/li>\n\n\n\n<li>Available resources<\/li>\n\n\n\n<li>Your risk model and appetite<\/li>\n\n\n\n<li>Reason for threat modeling<\/li>\n\n\n\n<li>What\u2019s involved (employees, devices, code deployment, third-parties)<\/li>\n\n\n\n<li>Available threat models (whether offered by a partner or existing vendor)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"common-threat-modeling-misconceptions\"><strong>Common Threat Modeling Misconceptions <\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>We already review code.<\/li>\n\n\n\n<li>There\u2019s no reason to perform threat modeling after deployment.<\/li>\n\n\n\n<li>It\u2019s too challenging to produce actionable results.<\/li>\n\n\n\n<li>Implementing a comprehensive system requires too many resources.<\/li>\n\n\n\n<li>We need to hire an in-house security specialist.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"wrapping-up\"><strong>Wrapping up<\/strong><\/h2>\n\n\n\n<p>With the world becoming increasingly digital, cyber attacks have become more common and frequent. So follow the above best practices and recommendations for threat modeling.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is threat modeling? Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations. Threat modeling is a key responsibility for any cybersecurity team to protect their organization with an analysis of what security controls are required based on the current threat landscape, and target system. Threat modeling is a collaboration [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":49423,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[8],"tags":[],"content_type":[],"class_list":["post-51664","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What Is Threat Modeling and How Does It Work?<\/title>\n<meta name=\"description\" content=\"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is Threat Modeling and How Does It Work?\" \/>\n<meta property=\"og:description\" content=\"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/\" \/>\n<meta property=\"og:site_name\" content=\"Great Learning Blog: Free Resources what Matters to shape your Career!\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/GreatLearningOfficial\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-06T02:14:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-07T06:58:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d1m75rqqgidzqn.cloudfront.net\/wp-data\/2021\/11\/11100602\/iStock-479801118.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"724\" \/>\n\t<meta property=\"og:image:height\" content=\"483\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Great Learning Editorial Team\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/Great_Learning\" \/>\n<meta name=\"twitter:site\" content=\"@Great_Learning\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Great Learning Editorial Team\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/\"},\"author\":{\"name\":\"Great Learning Editorial Team\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#\\\/schema\\\/person\\\/6f993d1be4c584a335951e836f2656ad\"},\"headline\":\"What Is Threat Modeling and How Does It Work?\",\"datePublished\":\"2021-12-06T02:14:34+00:00\",\"dateModified\":\"2024-03-07T06:58:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/\"},\"wordCount\":1029,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/iStock-479801118.jpg\",\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/\",\"name\":\"What Is Threat Modeling and How Does It Work?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/iStock-479801118.jpg\",\"datePublished\":\"2021-12-06T02:14:34+00:00\",\"dateModified\":\"2024-03-07T06:58:01+00:00\",\"description\":\"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/iStock-479801118.jpg\",\"contentUrl\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/11\\\/iStock-479801118.jpg\",\"width\":724,\"height\":483,\"caption\":\"A close-up on an abstract design of a display, which is warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warnings and single character exclamation marks. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, etc...\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/what-is-threat-modeling-and-how-does-it-work\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity\",\"item\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/cybersecurity\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What Is Threat Modeling and How Does It Work?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/\",\"name\":\"Great Learning Blog\",\"description\":\"Learn, Upskill &amp; Career Development Guide and Resources\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#organization\"},\"alternateName\":\"Great Learning\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#organization\",\"name\":\"Great Learning\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/GL-Logo.jpg\",\"contentUrl\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/GL-Logo.jpg\",\"width\":900,\"height\":900,\"caption\":\"Great Learning\"},\"image\":{\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/GreatLearningOfficial\\\/\",\"https:\\\/\\\/x.com\\\/Great_Learning\",\"https:\\\/\\\/www.instagram.com\\\/greatlearningofficial\\\/\",\"https:\\\/\\\/www.linkedin.com\\\/school\\\/great-learning\\\/\",\"https:\\\/\\\/in.pinterest.com\\\/greatlearning12\\\/\",\"https:\\\/\\\/www.youtube.com\\\/user\\\/beaconelearning\\\/\"],\"description\":\"Great Learning is a leading global ed-tech company for professional training and higher education. It offers comprehensive, industry-relevant, hands-on learning programs across various business, technology, and interdisciplinary domains driving the digital economy. These programs are developed and offered in collaboration with the world's foremost academic institutions.\",\"email\":\"info@mygreatlearning.com\",\"legalName\":\"Great Learning Education Services Pvt. Ltd\",\"foundingDate\":\"2013-11-29\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"1001\",\"maxValue\":\"5000\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/#\\\/schema\\\/person\\\/6f993d1be4c584a335951e836f2656ad\",\"name\":\"Great Learning Editorial Team\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/unnamed.webp\",\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/unnamed.webp\",\"contentUrl\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/unnamed.webp\",\"caption\":\"Great Learning Editorial Team\"},\"description\":\"The Great Learning Editorial Staff includes a dynamic team of subject matter experts, instructors, and education professionals who combine their deep industry knowledge with innovative teaching methods. Their mission is to provide learners with the skills and insights needed to excel in their careers, whether through upskilling, reskilling, or transitioning into new fields.\",\"sameAs\":[\"https:\\\/\\\/www.mygreatlearning.com\\\/\",\"https:\\\/\\\/in.linkedin.com\\\/school\\\/great-learning\\\/\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/Great_Learning\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCObs0kLIrDjX2LLSybqNaEA\"],\"award\":[\"Best EdTech Company of the Year 2024\",\"Education Economictimes Outstanding Education\\\/Edtech Solution Provider of the Year 2024\",\"Leading E-learning Platform 2024\"],\"url\":\"https:\\\/\\\/www.mygreatlearning.com\\\/blog\\\/author\\\/greatlearning\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What Is Threat Modeling and How Does It Work?","description":"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/","og_locale":"en_US","og_type":"article","og_title":"What Is Threat Modeling and How Does It Work?","og_description":"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.","og_url":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/","og_site_name":"Great Learning Blog: Free Resources what Matters to shape your Career!","article_publisher":"https:\/\/www.facebook.com\/GreatLearningOfficial\/","article_published_time":"2021-12-06T02:14:34+00:00","article_modified_time":"2024-03-07T06:58:01+00:00","og_image":[{"width":724,"height":483,"url":"https:\/\/d1m75rqqgidzqn.cloudfront.net\/wp-data\/2021\/11\/11100602\/iStock-479801118.jpg","type":"image\/jpeg"}],"author":"Great Learning Editorial Team","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/Great_Learning","twitter_site":"@Great_Learning","twitter_misc":{"Written by":"Great Learning Editorial Team","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#article","isPartOf":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/"},"author":{"name":"Great Learning Editorial Team","@id":"https:\/\/www.mygreatlearning.com\/blog\/#\/schema\/person\/6f993d1be4c584a335951e836f2656ad"},"headline":"What Is Threat Modeling and How Does It Work?","datePublished":"2021-12-06T02:14:34+00:00","dateModified":"2024-03-07T06:58:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/"},"wordCount":1029,"commentCount":0,"publisher":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg","articleSection":["Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/","url":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/","name":"What Is Threat Modeling and How Does It Work?","isPartOf":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#primaryimage"},"image":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#primaryimage"},"thumbnailUrl":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg","datePublished":"2021-12-06T02:14:34+00:00","dateModified":"2024-03-07T06:58:01+00:00","description":"Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations to protect their organization.","breadcrumb":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#primaryimage","url":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg","contentUrl":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg","width":724,"height":483,"caption":"A close-up on an abstract design of a display, which is warning about a cyber attack. Multiple rows of hexadecimal code are interrupted by red glowing warnings and single character exclamation marks. The image can represent a variety of threats in the digital world: data theft, data leak, security breach, intrusion, etc..."},{"@type":"BreadcrumbList","@id":"https:\/\/www.mygreatlearning.com\/blog\/what-is-threat-modeling-and-how-does-it-work\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mygreatlearning.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity","item":"https:\/\/www.mygreatlearning.com\/blog\/cybersecurity\/"},{"@type":"ListItem","position":3,"name":"What Is Threat Modeling and How Does It Work?"}]},{"@type":"WebSite","@id":"https:\/\/www.mygreatlearning.com\/blog\/#website","url":"https:\/\/www.mygreatlearning.com\/blog\/","name":"Great Learning Blog","description":"Learn, Upskill &amp; Career Development Guide and Resources","publisher":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/#organization"},"alternateName":"Great Learning","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mygreatlearning.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mygreatlearning.com\/blog\/#organization","name":"Great Learning","url":"https:\/\/www.mygreatlearning.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mygreatlearning.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2022\/06\/GL-Logo.jpg","contentUrl":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2022\/06\/GL-Logo.jpg","width":900,"height":900,"caption":"Great Learning"},"image":{"@id":"https:\/\/www.mygreatlearning.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/GreatLearningOfficial\/","https:\/\/x.com\/Great_Learning","https:\/\/www.instagram.com\/greatlearningofficial\/","https:\/\/www.linkedin.com\/school\/great-learning\/","https:\/\/in.pinterest.com\/greatlearning12\/","https:\/\/www.youtube.com\/user\/beaconelearning\/"],"description":"Great Learning is a leading global ed-tech company for professional training and higher education. It offers comprehensive, industry-relevant, hands-on learning programs across various business, technology, and interdisciplinary domains driving the digital economy. These programs are developed and offered in collaboration with the world's foremost academic institutions.","email":"info@mygreatlearning.com","legalName":"Great Learning Education Services Pvt. Ltd","foundingDate":"2013-11-29","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"1001","maxValue":"5000"}},{"@type":"Person","@id":"https:\/\/www.mygreatlearning.com\/blog\/#\/schema\/person\/6f993d1be4c584a335951e836f2656ad","name":"Great Learning Editorial Team","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2022\/02\/unnamed.webp","url":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2022\/02\/unnamed.webp","contentUrl":"https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2022\/02\/unnamed.webp","caption":"Great Learning Editorial Team"},"description":"The Great Learning Editorial Staff includes a dynamic team of subject matter experts, instructors, and education professionals who combine their deep industry knowledge with innovative teaching methods. Their mission is to provide learners with the skills and insights needed to excel in their careers, whether through upskilling, reskilling, or transitioning into new fields.","sameAs":["https:\/\/www.mygreatlearning.com\/","https:\/\/in.linkedin.com\/school\/great-learning\/","https:\/\/x.com\/https:\/\/twitter.com\/Great_Learning","https:\/\/www.youtube.com\/channel\/UCObs0kLIrDjX2LLSybqNaEA"],"award":["Best EdTech Company of the Year 2024","Education Economictimes Outstanding Education\/Edtech Solution Provider of the Year 2024","Leading E-learning Platform 2024"],"url":"https:\/\/www.mygreatlearning.com\/blog\/author\/greatlearning\/"}]}},"uagb_featured_image_src":{"full":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg",724,483,false],"thumbnail":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118-150x150.jpg",150,150,true],"medium":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118-300x200.jpg",300,200,true],"medium_large":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg",724,483,false],"large":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg",724,483,false],"1536x1536":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg",724,483,false],"2048x2048":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118.jpg",724,483,false],"web-stories-poster-portrait":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118-640x483.jpg",640,483,true],"web-stories-publisher-logo":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118-96x96.jpg",96,96,true],"web-stories-thumbnail":["https:\/\/www.mygreatlearning.com\/blog\/wp-content\/uploads\/2021\/11\/iStock-479801118-150x100.jpg",150,100,true]},"uagb_author_info":{"display_name":"Great Learning Editorial Team","author_link":"https:\/\/www.mygreatlearning.com\/blog\/author\/greatlearning\/"},"uagb_comment_info":0,"uagb_excerpt":"What is threat modeling? Threat modeling is a structured process to enumerate potential threats and prioritize security mitigations. Threat modeling is a key responsibility for any cybersecurity team to protect their organization with an analysis of what security controls are required based on the current threat landscape, and target system. Threat modeling is a collaboration&hellip;","_links":{"self":[{"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/posts\/51664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/comments?post=51664"}],"version-history":[{"count":6,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/posts\/51664\/revisions"}],"predecessor-version":[{"id":94774,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/posts\/51664\/revisions\/94774"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/media\/49423"}],"wp:attachment":[{"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/media?parent=51664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/categories?post=51664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/tags?post=51664"},{"taxonomy":"content_type","embeddable":true,"href":"https:\/\/www.mygreatlearning.com\/blog\/wp-json\/wp\/v2\/content_type?post=51664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}