LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the pitfalls of model complexity in threat modeling?

Too simple and the model just echoes your assumptions; too complex and it's unanalysable and gets rubber-stamped — aim for "represents reality" in between.

A threat model only teaches you something in a narrow band of fidelity: push it too far in either direction and it stops surfacing new knowledge, so the whole point is to keep it honest and just complex enough to mirror the real system.

Be honest with the process:

  • Make sure the model represents reality
  • Consider all types of threats

Use appropriate complexity:

Problem Result
Overly-simplified Departs from reality; you get only what you put in - no new knowledge
Overly-complicated Too much to analyze; leads to "check it off the list" syndrome

Test your model: Think of a specific security concern, then see where it fits in your threat model. If it doesn't fit anywhere, your model is incomplete.

From Quiz: SPRG / Mitigation and Risk Analysis | Updated: Jul 14, 2026