Threat modelling

With a systematic analysis of the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker, defenders can focus on what is most important to protect. It's systematic, and like penetration testing, a dance.

Adversary-centric threat modelling

Studying the history and past interactions of adversaries showing what they may take as their next move.

More ...

Paranoia without going into protectionism can be healthy

Quick and dirty

Identifying, enumerating, and prioritising potential threats from a hypothetical attacker's point of view for finding the low hanging fruit.

More ...

Asset-centric threat modelling

Using attack trees and attack graphs for visually illustrating patterns and vulnerabilities by which an asset can be attacked.

More ...

Software-centric threat modelling

Visual, Agile, and Simple Threat (VAST) modelling for scaling threat modelling processes associated with applications.

More ...