Threat modelling is the structured process of identifying potential threats to a network, understanding their impact, and prioritising defences. Combined with risk assessment, it allows organisations to make informed decisions about where to invest their security resources.
Threat modelling answers four fundamental questions:
| Question | Purpose |
|---|---|
| What are we building/protecting? | Define the scope — network architecture, assets, data flows |
| What can go wrong? | Identify threats and attack vectors |
| What are we going to do about it? | Define mitigations and controls |
| Did we do a good enough job? | Validate through testing and review |
Developed by Microsoft, STRIDE categorises threats into six types: