LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What is Threat Modeling and what is its purpose?

Systematically asking "what can go wrong and what will we do about it?" — answered through four questions: what are we building, what can go wrong, what do we do, did we do it well.

A cycle: Asset → Architecture → Decompose → Identify & Assess Threats → Identify Vulnerabilities → Design Mitigations, looping back to Architecture.

* Threat-modeling iteration loop — decompose the architecture, find threats and vulnerabilities, design mitigations, then iterate on the architecture. *

A Threat-Modeling hub fanning to the four questions.

* The four threat-modeling questions — what are we building, what can go wrong, what do we do about it, did we do a good enough job. *

Threat Modeling is the structured practice of identifying what can go wrong with a system and how to prevent it, before attackers find out for you.

It answers four key questions:

  1. What are we building? - Understand the system
  2. What can go wrong? - Identify threats
  3. What are we going to do about it? - Define mitigations
  4. Did we do a good job? - Validate the model

Why do it:

  • Find security issues before they become vulnerabilities
  • Make informed decisions about acceptable risk
  • Create actionable security requirements from threats

When: Primarily during the design phase, but revisited as the system evolves.

Reference: Adam Shostack, "Threat Modeling: Designing for Security", Wiley 2014

Go deeper:

From Quiz: SPRG / SDL and Threat Modeling | Updated: Jul 05, 2026