What is threat modeling?

The term threat modeling may, at first, sound like something very complex and tedious to perform. However, once understood, it is a simple task. We will try to simplify the concept of threat modeling with appropriate illustrations throughout this chapter.

Let's break down the two words, threat and model. The following are the dictionary meanings of both words:

  • Threat: A person or thing likely to cause damage or danger
  • Model: A system or thing used as an example to follow or imitate

Now, combining both words again, what do they mean collectively? Threat modeling is nothing but a formal way to identify potential security issues.

Let's take a very simple example to understand this.

The following diagram depicts a fort:

The fort is the place where the king resides and requires stringent security against his enemies. So, while the architects would design the structure of the fort, they would also need to consider various threats that may compromise the security of the fort.

Once the architects identify the possible threats, they can work on mitigating them by various possible means. Some threats to the fort might be the following:

  • Enemy attacking through the rear where the fort is less guarded
  • Enemy firing a cannonball at the walls of the fort
  • Corrosion and wear and tear of the fort walls due to extreme weather
  • Enemy elephants forcibly breaking the main entrance door of the fort

We just prepared a threat model for an ancient fort. It was simple; we tried to think of all the possible ways through which the security of the fort could be compromised, either intentionally or unintentionally. Similarly, a threat model must be prepared while constructing a President's house or any important administration office.

From the preceding example, we can understand that threat modeling is a generic concept that can be applied to any area or field where security is a requirement. Since this book deals with information security, we'll discuss how a threat model needs to be prepared for a given information system.

Threat modeling is most effective and beneficial when done during the design phase of the development lifecycle. The cost of fixing bugs rises significantly in the later stages of the SDLC.

Threat modeling is very commonly used in the software development life cycle. It enables the participants in the software development process to efficiently create and deliver secure software with a greater degree of confidence that all possible security flaws are understood and accounted for.
