Available online at https://threat-modeling.net/threat-modeling-of-threat-modeling/
Created by Hendrik Ewerlin - https://hendrik.ewerlin.com/security - 2024-02-29
This document threat models threat modeling. #meta
Threat modeling will more likely be a success if we tame the threats to the threat modeling process.
Threat modeling is cruicial for building secure systems:
A system is secure, iff it is protected from danger.
So the obvious questions are: What danger / threats? What protection / mitigations?
These questions align nicely with Questions 2 and 3 from Shostack’s Four Question Framework: “What can go wrong? What are we going to do about it?” Answering these four question is what a threat modeling process does.
This makes threats visible (Goal 1: Clarity) and tames them (Goal 2: Security).
The ultimate goal is to create a secure system. We create that system by threat modeling and implementing mitigations. This is a security activity performed by humans and we can investigate it’s usability (see ISO 9241-11:2018).