A Different Approach to Threat Modeling

November 25, 2016 By David Torre Blog

Threat modeling is the art of assessing and anticipating threats in order to build a more tailored information security program. Essentially the process starts with enumerating threats, assessing probability and impact, then building your risk management or remediation plan. Once that threat has been “modeled,” it goes into a risk management state and the next threat is modeled. The process is repeated over and over; once for each threat.

I say art (versus science) as threat modeling is somewhat of an unstructured process; a blank canvas whereby information security professionals analyze threats in various, yet unique ways. One commonality, however, is to focus analysis on the actual threat itself. Yet I see a problem with focusing the equation on threats:

  • There are simply too many threats to model
  • Threats are constantly changing
  • Many different threats produce the same effect or impact
  • Focusing on the threat is a preventative approach; so what happens when the threat actually materializes?

Lately I’ve been pondering whether it’s more beneficial to instead focus on the impacts. Here’s a very simple “effect model” whereby simply enumerating the threats is as far as I go with analysis.


As you can see, multiple causes (threats) equate to the same impacts (effects). This simple cause-and-effect diagram can be further streamlined as follows:


So, after simply enumerating my risks, I have a rough-cut of my top impacts; listed here in a simple stack-ranked list which I can actually commit to memory:

  • Financial Loss (8)
  • Damage to Reputation (8)
  • Litigation (7)
  • Loss of intellectual Property / PII (6)
  • Physical Harm to Humans (2)

Knowing that financial loss and damage to reputation are at the top of my list, I should probably think about having a solid cyber insurance policy and a good PR plan. As for litigation and loss of IP/PII, having a good attorney on retainer probably makes sense. Finally physical harm to humans, while low on the connectivity graph, is still the most important aspect of any security program.

In summary, it’s sometimes helpful to focus more on impact that the threat itself. Flipping the threat modeling equation around provides a different perspective, and a different way to group and prioritize events which, hopefully, never happen.


You may unsubscribe at any time by clicking the link in the footer of our emails. For information about our privacy practices, please visit our privacy notice. Note that we use Mailchimp as our email service provider. By clicking subscribe, you acknowledge that your information will be transferred to Mailchimp for processing.

About David Torre

David Torre is a business technology veteran with years of experience coupled with degrees in both information systems and business intelligence. This combination of skills has enabled David to provide enterprise solutions to well-known companies who face some of the toughest challenges in the business world today.

David currently resides in the San Francisco Bay Area where he runs Center Mast, LLC.