Threat Modeling Methods

We all want to have more security online, especially with how digital our world has become. Oftentimes, it’s hard to know if you’re really protected or if you’re in danger of real risk. So, if your organization is facing (or potentially facing) cyber security breaches, you may want to consider a threat modeling system. This post describes five threat modeling methods that you could potentially use.

Breaches of confidentiality and unauthorized access are just the beginning of a long list of potential disasters that an organization can face without the appropriate level of cyber security.

Still, with various methods available, it’s hard to know which route to take. That’s why we’ve gathered our top five threat modeling methods to help you make a better decision about what’s right for you. Read on to learn more.

What is Threat Modeling?

In today’s world of constant technological advancements, anticipating systems’ threats is of paramount importance. Whether the danger lies within an organization or comes from the outside, the system that keeps that business operational may face an attack that can or will leave it debilitated or having lost crucial and or confidential information.

Threat modeling is a way to identify security requirements and zone in on the threats and potential vulnerabilities your organization could face. Once those areas have been identified and ranked in importance, threat modeling prioritizes the best solutions to the issues at hand.

So, threat modeling is your way to assess the danger before it happens and put measures in place to mitigate any possible disaster. You actually do this without realizing it when you try to prevent disaster from happening in your day-to-day life.

Five Threat Modeling Methods

Choosing the best first line of defense to prevent threats from gaining ground within a system is crucial to protecting your online security.

Threat modeling systems can focus on risk, vulnerability, or privacy concerns. The sooner threat modeling is implemented, the better you can assess potential attacks, prepare strategies, and be protected from intrusion or penetration.

The following five threat modeling methods have a proven track record of executing their roles efficiently and have defended many systems against considerable threats. As a result, their algorithms and processes are vital to the security of an organization and its cyber security.

Let’s look at them in further detail.


STRIDE has been around for over 20 years and remains one of the most well known and effective threat modeling methods. STRIDE threat modeling was first developed at Microsoft. It has been used for many years at Microsoft to help secure their software and software development processes.

STRIDE is a mnemonic of six types of security threats:

Spoofing: Relates to an attacker pretending to be another person or system.

Tampering: Relates to an attacker tampering or modifying data in an application or system.

Repudiation: Relates to the ability to confirm whether an action was performed by a specific person or system.

Information Disclosure: Relates to gaining access to confidential information (and as a next step, potentially disclosing the confidential information further).

Denial of Service: Relates to making the application or system unavailable by maliciously using up all available resources.

Elevation of Privilege: Relates to elevating or increasing privileges, either from having none at all to having something, or having some privileges and increasing this (for example from a normal user to an administrative user).

STRIDE can identify potential threats and weaknesses in an application. With that information, it is possible to build stronger countermeasures and mitigations.

If you’d like to learn more about STRIDE:


The Process For Attack Simulation and Analysis: PASTA threat modeling is focused on seven stages of risk-centered threat modeling.

This strategy integrates well into a risk management process as it is based on the concept of responding to expected attack patterns by addressing high-impact use cases.

PASTA takes an integrated approach to threat modeling, centered around risk analysis. It is designed to identify what is at risk of a potential cyber security threat.

Through the seven-stage analysis, PASTA will:

  • Define objectives
  • Define technical scope
  • Face application decomposition
  • Perform a threat analysis
  • Run a vulnerability and weakness analysis
  • Attack modeling
  • Complete risk and impact analysis

PASTA is one of the most efficient because it operates strategically and uses security input from operations, governance, architecture, and development as crucial decision-making tools.


TRIKE was created to use threat modeling in a cyber security framework for security audits. The threat is examined from a risk-management and defensive stance and a modeling framework created around that.

Like many other methods, establishing a system is the first step in the Trike technique. After that, the analyst will construct a requirement model by listing and acquiring knowledge of the actors, assets, expected actions, and rules that make up the system.

During this stage of the process, an actor-asset-action matrix will be constructed. In this matrix, the rows will represent the actors, and the columns will represent the assets.

Each matrix cell has four portions for each CRUD action (CRUD stands for: creating, reading, updating, and deleting).

These cells can be filled with one of three values:

  1. Approved activity
  2. Forbidden activity
  3. Action with rules

Then, a rule tree is connected to each one.

After needs are established, a data flow diagram (DFD) is constructed. Each component is then assigned to a number of actors and resources.

TRIKE finds threats by going through the DFD several times. These threats can be classified as either denial of service or elevations of privilege.

Trike employs a five-point scale for each activity, based on the probability of the action, to evaluate the danger of attacks that may impact assets through CRUD.

The dangers that attacks are predicted to pose to the system are graded on a five-point scale (lower number = higher risk). Additionally, attacks are rated on a three-dimensional scale for each action they might take on each object (always, occasionally, never).


LINDDUN is a system that focuses on privacy issues detectable through threat modeling, which can be used to prevent a breach of data security.

Based on seven core principles that lay bare the critical components utilized to predict, assess, and protect against threats, LINDUNN offers the following:

Linkability: LINDDUN offers a method for linking two pieces of relevant information without disclosing the identities of the data subject(s) involved.

Identifiability: The system offers a way to single out one data subject by using an item of interest as the identifying factor and separating it from the rest of the data subjects.

Non-repudiation: An allegation cannot be disputed (e.g., having performed an action or sent a request).

Detectability: Regardless of whether or not they are able to decipher the contents themselves, LINDUNN offers the ability to determine whether or not a particular item of interest concerning a data subject actually exists.

Disclosure of information: This allows the capability of acquiring knowledge regarding the contents of a data subject’s item of interest.

Unawareness: LINDUNN will mask the data subject’s ability to know if their personal data is being collected, processed, stored, or shared.

Non-compliance: The mishandling of personal data that is not in compliance with applicable law, rule, and/or policy will be marked as a non-compliance issue.

LINDDUN also provides a systematic method for conducting privacy assessments and consists of five main steps:

Step 1: Implementation of a DFD of the system

Step 2: Outline the system’s data flows, stores, procedures, and external entities.

Step 3: Determine if a threat applies to the system

Step 4: Construct threat trees by methodically iterating over all model elements

Step 5: Examine them from the perspective of threat categories

Attack Trees

One of the oldest and most used strategies for cyber and physical systems is the usage of attack trees to imitate threats. Prior to being combined with other approaches and frameworks, attack trees were previously utilized separately.

Attack trees are visualizations that show system attacks as trees. The attack’s target is the tree root; using the leaves is one way to get there. A distinct tree is used to represent each objective. As a result, the system threat analysis generates a collection of attack trees.

Attack trees can be developed for individual components as opposed to the entire system in the case of complicated systems. Administrators can create attack trees and utilize them to evaluate various attack types, decide whether their systems are vulnerable to attacks, and influence security decisions.

This methodology has been employed frequently in recent years within other frameworks like STRIDE, CVSS, and PASTA, as well as in conjunction with other techniques.

Conclusion on The Various Threat Modeling Methods

So there you have it – our list of top five threat modeling methods, each of which has been tried and tested in the process of preventing assaults on your data.

There will inevitably be a breach in the network’s security at some point. If you make an investment to evaluate the susceptibility of your system and the level of danger, you will be better equipped to preserve the safety of both your data and your operating system intact.That’s why you need to make sure to consider the best threat modeling system for you to strengthen your cyber security and keep your organization running smoothly.

Connect with me

Enter your Email address if you want to connect and receive threat modeling updates (I won’t spam you or share your contact details).


Try my threat modeling tool, it's completely free to use.

Thanks for signing up!