Professional Documents
Culture Documents
Threat Modeling A System
Threat Modeling A System
• Rule of Thumb: The larger your scope, the more time-consuming your Threat Model is
going to be
• Bound your scope - There will always be external dependencies, consider them in your
Trust Zone/Boundary
• Remember that Threat Models can never be perfect. But they can be improved and
iterated upon
• Essays/Manuals/Stories
• Trust Zones/Boundaries
• Don’t look for perfection and aesthetics - Focus on threats and mitigations
E 9
E E E
1
2
9
E
0 1 7 E
5
5 7 E
3 E
SE 9
SE SE E
1
2
9
E
0 1 7 E
5
5 7 E
3 TE
SE 9
SE TSE E
1
2
9
T TE
0 1 7
5 TE
5 7 E
SE 9
SE RTSE E
1
2
9
RT TE
0 1 7
5 TE
5 7 E
3 TE
SE 9
SE RTSE E
1
2
9
RT TE
0 1 7
5 TE
5 7 IE
3 TE
DSE 9
DSE DRTSE DE
1
2
9
RT DTE
0 1 7
5 TE
5 7 DIE