Skip to main content

Learn Threat Modeling Fundamentals

Learning Objectives

After completing this unit, you’ll be able to:

  • Explain what threat modeling is and why it’s important.
  • Define threat modeling terminology.
  • Identify your team for conducting a threat modeling exercise.

Learn About Threat Modeling

Threat modeling is a structured approach for analyzing a system to assess risk, identify threats, and pinpoint mitigations to address those threats. With threat modeling, you can prevent security gaps before attackers find and exploit them. Threat models are a good idea anytime, but they’re especially important when you undertake high-risk work.

What Is a Threat?

What’s a threat in the context of threat modeling? A threat is anything that can intentionally or accidentally exploit a vulnerability—a weakness or gap in security—to obtain, damage, or destroy an asset. Assets are the things you’re trying to protect: people, property, and information. Your assets depend on your organization, but most organizations’ greatest assets are collections of information. Your reputation is also an asset, one that hinges on your customers’ perception of how effectively you protect their information.

Practicing threat modeling is key to maintaining your customers’ trust. It also boosts overall efficiency, because threat modeling mitigates threats and vulnerabilities that surface during design. When your team finds security problems in the design phase, you avoid having to scramble down the road to fix bugs that have made it too far into production. 

Threat modeling boils down to reducing risk. Risk is the potential for loss, damage, or destruction of an asset as a result of a threat taking advantage of a vulnerability.

Threat Modeling Process

Threat modeling helps you and your team accomplish several things. It helps you agree on security objectives by deciding what you need to protect and from whom or what. It also helps you understand your system’s architecture by describing it in a way that makes security analysis possible. Creating a data-flow diagram, a key step in the threat modeling process, encourages you to think of ways attackers might exploit vulnerabilities or get past your security objectives. Once you’ve anticipated threats this way, you can then figure out how to address them through mitigations or changes to your system’s architecture.

Overall, you can think of threat modeling as a five-step process.

  1. Agree on security objectives.
  2. Describe your architecture by creating a data-flow diagram.
  3. Identify threats.
  4. Identify mitigations to the threats (possible and verified).
  5. Build and validate the defenses.

Using these steps to evaluate your project can lead to predictable and repeatable results, which is important when it comes to security. We explain each of these steps in detail in the next unit. But first, let’s look at how you create a team to conduct a threat modeling exercise.

Gather Your Team

Threat modeling is a team exercise that brings security expertise and the creators of a system together. Typically, a security expert leads the exercise. Over time, however, those in technical roles, such as architects and team leads, can also conduct threat modeling exercises.

Before you can model threats, you need to assemble your team. Here are some questions to ask to figure this step out. 

  • Who’s well-versed in the security of this type of system? Do you need a security engineer or another team member to advocate for security?
  • Who best understands the system’s big picture—an architect or a technical product manager?
  • Who has the greatest ideas for how to build the system? Will you need an engineer or technical subject matter expert?
  • Who’s proficient in finding ways the system can break?
  • Is there someone who has done threat modeling before? If so, can this team member help keep things on track?

You set yourself up for threat modeling success when you have a team with a complete set of views into a system. In an ideal scenario, this means having at least one person with expertise in security, one in architecture, one in implementation, and one in quality assurance.

After assembling your team, don’t worry if you haven’t yet figured out the low-level implementation details. Part of the value of threat modeling is that it also informs the implementation process.

A team of people are each bringing a piece of a puzzle to solve a problem.

Knowledge Check

Ready to review what you’ve learned? The knowledge check below isn’t scored—it’s just an easy way to quiz yourself. To get started, drag the description in the left-hand column to the number corresponding to the order in the sequence in which it should occur in the right-hand column. When you finish ordering all the items, click Submit to check your work. If you’d like to start over, click Reset.

Great work!

Now that we’ve learned about what threat modeling is, let’s get into the techniques and tools we use to accomplish it.

Resources

Salesforce ヘルプで Trailhead のフィードバックを共有してください。

Trailhead についての感想をお聞かせください。[Salesforce ヘルプ] サイトから新しいフィードバックフォームにいつでもアクセスできるようになりました。

詳細はこちら フィードバックの共有に進む