Threat modeling is the practice of conceptualizing your organization’s worst security fears and how to prevent or mitigate the effects of threats to your system. Top vulnerabilities must be identified, enumerated, and prioritized—all from the point of view of your hypothetical attackers.

Success Stories

Our success stories feature real-world security scenarios. You’ll discover varied approaches adopted by your peers in partnering with Bishop Fox, and how our application security services helped organizations, large and small, across an array of industries assess, identify, and minimize risks.

Securing a Competitive Advantage

As their business expanded, we were there to help Change Healthcare grow and evolve their security posture.

An Introduction to Threat Modeling

Senior Security Consultant Joe Ward explains what you can expect when your organization begins the process of engaging in threat modeling. 

Contact a Threat Modeling Expert

You’re Already Doing Threat Modeling.


Whether it is buckling your seatbelt when you get in your car or turning on your alarm system before you leave your house, you’re already engaging in some form of threat modeling.

Every organization is a target. Threat modeling is a way of realistically viewing a high-risk situation and how you would circumvent it (see example of threats in Figure 1 below). So if the situation should ever manifest, your organization knows the next steps to take and isn’t left helpless or scrambling to act as the smoke clears.  


Graphic showing various cybersecurity threats to consider while doing threat modeling

Illustration 1: Representation of various threats to consider white doing threat modeling


How Do You Start?


Identify assets
Begin with a diagram, similar to the example below, that includes data flows, internal and external processes, and identified trust boundaries. You’ll need to balance the level of detail with enough information to understand a system’s purpose (but without going too deep into specifics of port numbers or variable names).

Identify vulnerabilities and threat actors
You can search for applicable threats whether by identifying potential threat actors, building attack threes, creating attack scenarios, or playing the card game, “Elevation of Privilege” (EOP). 

Identify defensive capabilities
From there, evaluate the model across separate teams (design, engineering, operations, support). A
sk questions like: “What did we miss? Is the response valid? Did we file a ticket/bug/action item for each mitigation?”

Determine risk score
What is our highest priority?” Be objective and realistic.



Where Does Threat Modeling Fall into My Cybersecurity Program? 

Threat modeling isn’t necessarily a first step, but it is a preliminary step. The image below illustrates when to best conduct threat modeling. 

This graphic depicts where threat modeling falls in a holistic cybersecurity program.

FIGURE 2 -This illustration shows where threat modeling is embedded in a holistic security program



What Else Should I Know?


Your first few attempts might be rough, but with time, you will improve at thinking of the threats to your security from a holistic perspective and considering every aspect of the equation. You will eventually become aware of threats you never previously considered and become adept at addressing threats before they escalate into security events or incidents.


To Learn More:


Escalation of Privilege (EOP) Card Game, created by Microsoft

STRIDE Threat Model

DREAD Risk Assessment Model

The OCTAVE Method

Download Threat Modeling Brochure