What is Threat Modeling?
Threat modeling is a procedure for optimizing application, system or business process security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent or mitigate the effects of threats to the system.
Threat modeling helps to identify the security requirements of a system or process — anything that is mission-critical, processing sensitive or made up of valuable data. It is a systematic and structured process that aims to identify potential threats and vulnerabilities to reduce the risk to IT resources. It also helps IT managers understand the impact of threats, quantify their severity and implement controls. In terms of software security, threat modeling is the most important part of software design and development. It is impossible to build applications and systems that comply with corporate security policies and privacy and regulatory requirements without evaluation and mitigating threats.