LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the four steps in the Threat Modeling process?

Diagram → Identify → Mitigate → Validate: draw the system, find threats with STRIDE, design fixes, then check the fixes hold — repeated as the system changes.

The four DFD element types: Process (circle), Data Store, Source/Sink (rectangle), Data Flow (arrow), each with its meaning.

* DFD notation — the four element types: Process (circle = service/component), Data Store (file/DB/queue), Source/Sink (rectangle = external), Data Flow (arrow). *

A four-node ring: Diagram → Identify → Mitigate → Validate, repeated as the system changes.

* The threat-modeling cycle — Diagram, Identify (STRIDE), Mitigate, Validate; repeated as the design evolves. *

The four steps are Diagram → Identify → Mitigate → Validate:

Step Action Output
1. Diagram Draw Data Flow Diagrams (DFDs) Visual of components, data flows, trust boundaries
2. Identify Find threats using STRIDE List of potential security issues
3. Mitigate Design countermeasures Security requirements and fixes
4. Validate Test mitigations work Verified, updated threat model

This is a continuous cycle - revisit whenever the system changes.

Mnemonic: "DIMV" = "Did I Miss Vulnerabilities?" - Diagram, Identify, Mitigate, Validate

Go deeper:

From Quiz: SPRG / SDL and Threat Modeling | Updated: Jul 14, 2026