Threat model

[citation needed] Commuters use threat modeling to consider what might go wrong during the morning journey to work and to take preemptive action to avoid possible accidents.

Children engage in threat modeling when determining the best path toward an intended goal while avoiding the playground bully.

Shortly after shared computing made its debut in the early 1960s, individuals began seeking ways to exploit security vulnerabilities for personal gain.

[2] As a result, engineers and computer scientists soon began developing threat modeling concepts for information technology systems.

Early technology-centered threat modeling methodologies were based on the concept of architectural patterns[3] first presented by Christopher Alexander in 1977.

In 1994, Edward Amoroso put forth the concept of a "threat tree" in his book, "Fundamentals of Computer Security Technology.

Independently, similar work was conducted by the NSA and DARPA on a structured graphical representation of how specific attacks against IT-systems could be executed.

In 1998 Bruce Schneier published his analysis of cyber risks utilizing attack trees in his paper entitled "Toward a Secure System Engineering Methodology".

Current SIEM (Security Information and Event Management) tools typically only provide indicators at the lowest semantic levels.

Typically, threat modeling has been implemented using one of five approaches independently: asset-centric, attacker-centric, software-centric, value and stakeholder-centric, and hybrid.

This methodology is intended to provide an attacker-centric view of the application and infrastructure from which defenders can develop an asset-centric mitigation strategy.

In the early 2000s, an additional symbol, trust boundaries, were added to improve the usefulness of DFDs for threat modeling.

[28] In this context, threats to security and privacy like information about the inhabitant's movement profiles, working times, and health situations are modeled as well as physical or network-based attacks.