back to checklists

Threat modeling

Threat modeling is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, quantify, and address the security risks associated with an application. Threat modeling is a powerful tool for improving security in overall processes and systems without needing to do things like code reviews or penetration testing, as it deals with the overarching system architecture and data flows.

Each of the steps below must be documented as they are carried out. The resulting document is the threat model for the application.

  • Before you begin

  • Decomposing the application

  • Determining and ranking risks and threats

  • Applying countermeasures

  • Maintaining the threat model into the future


back to checklists

The Office of Privacy and Data Protection announces beta testing of “Privacy Modeling,” a new web application that identifies the privacy laws relevant to the product or service you wish to create.

Go to Privacy Modelling App

Something went wrong. Please try again.