In this article I’ll provide an explanation of commonly used threat modeling terminology. These are all terms that you’ll no doubt hear if you are involved in threat modeling.
Note that the type of threat modeling you perform, the company you work for, the product or service you provide, the industry you are in, etc., determine which terms you are more or less likely to encounter.
Application Threat Model: A threat model whereby the resource or asset in scope is an application. The attributes of the application threat model (such as threats, security requirements, etc.) are likely to be application oriented (i.e., application-specific threats).
Assessment: An assessment can be performed within a threat model to answer pre-defined questions. The questions and answers help to provide context to the threat model. Questions can also encourage threat modeling participants to think about potential threats and security requirements.
AWS Threat Model: A threat model whereby the resource or asset in scope is AWS cloud-based, using (many) AWS services.
Azure Threat Model: A threat model whereby the resource or asset in scope is Azure cloud-based, using (many) Azure services.
Business: The business which owns the resource or asset in the scope of threat modeling. Risks identified as part of threat modeling will impact the business.
Business Unit: A unit within a Business. A Business Unit often has a specific area of business (geographic, type of product or service, etc.). Risks identified as part of threat modeling will impact a Business Unit, which ultimately impacts the business at large.
Cloud Threat Model: A threat model whereby the resource or asset in scope is cloud-based, using (many) cloud services.
(IT) Controls: (IT) Controls provide protection via actions or checks that are mandated by the business. There are many types of controls, control sets, and control frameworks. Controls are defined via processes outside of threat modeling. However, threat modeling can identify additional controls for increased protection.
Countermeasures: Countermeasures, also known as security requirements, are measures taken to protect against identified threats. A countermeasure partially or completely mitigates a threat, so that it poses less or no risk.
Data Flow Diagram: A Data Flow Diagram is a specific type of diagram with the following characteristics: 1) it is kept easy to use and understand by using only 5 diagram components, and 2) it is effective at showing flows of data and communication between components. Because it is very easy to use and understand, it is an effective tool for threat modeling.
Datastore: A Datastore is a component of the Data Flow Diagram. It is a generic description of a place where data is stored, which is often a database.
Diagram: Diagrams help to provide an understanding of how something works. The most commonly used diagram in threat modeling is the Data Flow Diagram, although other diagram types can be used just as effectively.
ISO/IEC 27001: ISO/IEC 27001 is a security standard used by many companies. It is helpful to be aware of it in the context of threat modeling, to understand potential applicable security requirements and countermeasures.
Impact: In the context of risk, the impact determines how bad a negative event or risk can be. It is expressed either qualitatively (as a description of the impact) or quantitatively (as a numerical measure, e.g., in US dollars, Euros, etc.).
IT: Information Technology, either in the context of technology or in the context of the IT department.
Likelihood: In the context of risk, the likelihood determines how likely (or probable) a negative event or risk is to occur.
NIST: NIST stands for National Institute of Standards and Technology, and in cyber security relates to various standards such as NIST Cyber Security Framework, NIST 800-53 (control set), etc.
NIST Cyber Security Framework (CSF): NIST Cyber Security Framework is a set of standards, best practices, and guidelines to manage cyber security risks (and programs).
PASTA Threat Modeling: A specific method to perform threat modeling, in an effort to standardize and improve threat modeling.
Report: Threat modeling should result in a report that can be analyzed by the team involved in threat modeling and by management.
Risk: Something that will negatively impact a business. In the context of threat modeling, it is often an IT risk. Risk is commonly expressed as: Risk = Likelihood x Impact.
Security by Design: Security by Design refers to the practice of including security from the early phases of a project, an IT change, or similar. Threat modeling provides security by design.
Security Requirements: Requirements used within a project, or an IT change, that are security-based.
STRIDE Threat Modeling: STRIDE threat modeling is a type of threat modeling. Put another way, it is a methodology to identify types of threats within an application, system, or (business) process.
Threat: A threat is something that can negatively impact an application, system, or (business) process. A threat can range from very broad to very specific. A threat can exist due to a lack of countermeasures or defenses.
Threat Modeling Tool: A threat modeling tool helps to perform threat modeling by providing automation and guidance according to a pre-defined method, and by providing helpful features for rolling out threat modeling in a company.
TRIKE: TRIKE is an open-source threat modeling methodology and tool.
Trust Zone: A Trust Zone is an area (often within a diagram) indicating how much trust can be assigned to it. Often it is related to an IT network. Examples of trust zones are the internet (no trust) and the internal network (higher trust), or, outside IT, the internal business (high trust) and the outside world (no trust).
Vulnerability: A Vulnerability is a known weakness in an application or IT system. A Vulnerability can be exploited to do something bad, which will have a negative impact.
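The following added example (not from the original article) ties several of the terms above together in code: a tiny Data Flow Diagram with Datastore, process and external-entity elements placed in Trust Zones, STRIDE threat types enumerated per element, and Risk = Likelihood x Impact scored on a qualitative scale. The STRIDE-per-element mapping and the three-level scale are assumptions chosen for illustration, and the browser / web app / database model is constructed sample input.

```python
from dataclasses import dataclass

# Which STRIDE threat types are conventionally considered for each DFD
# component type (an assumption: the article names STRIDE only as a method
# for classifying threats, not this per-element mapping).
STRIDE_PER_ELEMENT = {"external": "SR", "process": "STRIDE",
                      "datastore": "TRID", "dataflow": "TID"}
STRIDE = {"S": "Spoofing", "T": "Tampering", "R": "Repudiation",
          "I": "Information disclosure", "D": "Denial of service",
          "E": "Elevation of privilege"}
SCALE = {"low": 1, "medium": 2, "high": 3}   # constructed qualitative scale


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # external | process | datastore
    zone: str   # trust zone the element sits in


@dataclass(frozen=True)
class Flow:
    name: str
    src: Element
    dst: Element

    def crosses_boundary(self) -> bool:
        # A flow between two trust zones crosses a trust boundary.
        return self.src.zone != self.dst.zone


def enumerate_threats(elements, flows):
    """Return (target, threat) pairs. Data flows are only enumerated when
    they cross a trust boundary, where threats concentrate (a simplification)."""
    out = []
    for e in elements:
        out += [(e.name, STRIDE[c]) for c in STRIDE_PER_ELEMENT[e.kind]]
    for f in flows:
        if f.crosses_boundary():
            out += [(f.name, STRIDE[c]) for c in STRIDE_PER_ELEMENT["dataflow"]]
    return out


def risk(likelihood: str, impact: str) -> int:
    """Risk = Likelihood x Impact on the qualitative scale above (1..9)."""
    return SCALE[likelihood] * SCALE[impact]


# Constructed sample model: browser -> web app -> database across three zones.
browser = Element("browser", "external", "internet")
webapp = Element("web app", "process", "dmz")
db = Element("customer db", "datastore", "internal")
flows = [Flow("login request", browser, webapp), Flow("sql query", webapp, db)]
threats = enumerate_threats([browser, webapp, db], flows)

if __name__ == "__main__":
    for target, threat in threats:
        print(f"{target:15} {threat}")
    print("risk of credential theft via login request:", risk("high", "high"))
```

Each enumerated pair is a candidate threat to assess; the ones with the highest risk score are the first to need a countermeasure (security requirement) in the report.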