
Threat Modeling

A structured approach to identifying potential threats to a system, understanding attack surfaces, and determining which threats warrant mitigation. Threat modeling shifts security thinking from reactive to proactive.

Why it matters

Risk assessment tells you what could go wrong at an organizational level. Threat modeling tells you how an attacker could make it happen at a system level. Without threat modeling, security controls are applied uniformly rather than proportionally, which means critical attack paths may be under-protected while low-risk areas are over-engineered. Threat modeling is especially valuable during system design, where fixing vulnerabilities costs a fraction of what it costs after deployment.

In practice

Threat modeling frameworks like STRIDE, PASTA, or attack trees help teams systematically enumerate threats against system components. The output is a prioritized list of threats with proposed mitigations. These feed directly into risk assessments and control selection. In vucavoid, threats identified through modeling can be captured as risks, linked to the affected assets and systems, and tracked through the standard treatment workflow with controls mapped to each identified threat.
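As an added illustration (not vucavoid's own code), the sketch below applies the STRIDE-per-element mapping to a small data flow model, skips threats that already have a control, and ranks the rest. The component names, impact values, boundary weighting and control entries are constructed assumptions.

```python
from dataclasses import dataclass

# STRIDE-per-element: threat categories that apply to each diagram element type.
# (Repudiation on a data store applies mainly when the store holds logs.)
STRIDE_BY_ELEMENT = {
    "external_entity": ["Spoofing", "Repudiation"],
    "process": ["Spoofing", "Tampering", "Repudiation", "Information disclosure",
                "Denial of service", "Elevation of privilege"],
    "data_store": ["Tampering", "Repudiation", "Information disclosure",
                   "Denial of service"],
    "data_flow": ["Tampering", "Information disclosure", "Denial of service"],
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str                        # key of STRIDE_BY_ELEMENT
    impact: int                      # 1 (low) .. 5 (critical), set by the team
    crosses_boundary: bool = False   # touches or crosses a trust boundary

def enumerate_threats(elements, controls):
    """Return open threats as (score, element, category), highest score first.

    controls maps (element name, category) -> control already in place.
    """
    threats = []
    for el in elements:
        for category in STRIDE_BY_ELEMENT[el.kind]:
            if (el.name, category) in controls:
                continue  # already treated by an existing control
            # Assumed scoring rule: exposure at a trust boundary doubles impact.
            score = el.impact * (2 if el.crosses_boundary else 1)
            threats.append((score, el.name, category))
    return sorted(threats, key=lambda t: (-t[0], t[1], t[2]))

# Constructed sample model: a login path from a browser to a user database.
MODEL = [
    Element("browser", "external_entity", impact=2, crosses_boundary=True),
    Element("login request", "data_flow", impact=4, crosses_boundary=True),
    Element("auth service", "process", impact=5),
    Element("user database", "data_store", impact=5),
]
# Constructed control mapping: TLS covers two threats on the login request.
CONTROLS = {
    ("login request", "Tampering"): "TLS",
    ("login request", "Information disclosure"): "TLS",
}

if __name__ == "__main__":
    for score, name, category in enumerate_threats(MODEL, CONTROLS):
        print(f"{score:>2}  {name:<14} {category}")
```

Each row of the output is one candidate risk entry: the affected component, the threat category, and a score that decides the order in which mitigations are proposed.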
