Threat Modelling is a structured tabletop exercise which is used to identify and mitigate
potential threats to a system or application. It is an essential step in the software development process to ensure that security is built into the product from the outset. Threat modelling has become more critical than ever before due to the ever-growing number of cyber-threats.

Threat Modelling is a risk management activity performed by those with a deep technical
understanding of the application, module, or business process

Who is it for?

Who is it for?

Threat Modelling should be utilised by anyone:

  • Developing software,
  • Utilising third party APIs,
  • With complex business processes,
  • Who would experience catastrophic business damage or reputation damage
    as a result of data loss,
  • And any business holding sensitive data.
How can we help?

How can we help?

Our services will educate your employees in a positive and encouraging manner,
heightening awareness of threat modelling, whilst encouraging the identification of possible threats to an application or infrastructure prior to release.

Many organisations have the intention to improve the security of their applications and
infrastructure, but simply don’t know where to start. Secarma’s mission is to support the
implementation of threat modelling into your development processes and encourage

What we test

What we test

There are a couple of threat modelling approaches that may be utilised, System Lead and Attacker Lead.

  • System Lead focuses on the system as a whole, considering each process,
    data store, dataflow, external entity, and trust boundary.
  • Attacker Lead focuses on threat actors and how they may compromise our
    system. This involves understanding threat actors and focusing on entry
    points rather than the system as a whole. It involves focusing on critical assets, and emphasis is placed on protecting critical assets instead of the entire system.

Download our Fact Sheet


Other services

Virtual Information Security Manager

Virtual Information Security Manager

Developing and maintaining a robust cybersecurity posture can be challenging for organisations who e...

Incident Response Scenario Testing (Wargaming)

Incident Response Scenario Testing

Modern organisations face a range of cybersecurity risks and whilst every effort may be made to prev...

Build Configuration Security Review

Build Configuration Security Review

A build configuration security review can provide system administrators with a comprehensive overvie...

Cloud Configuration Security Review

Secarma’s Cloud Configuration Security Review tests the configuration of the chosen cloud provider...

Cyber Security Maturity Assessment

Our Cyber Security Maturity Assessment (CSMA) evaluates your organisation's current security program...

Threat Modelling

Threat Modelling is a structured tabletop exercise which is used to identify and mitigate potential...

Firewall Configuration Security Review

Firewall Configuration Security Review

Firewalls are an essential component of network security as they monitor incoming and outgoing netwo...

IOT Cyber Scheme

IoT Cyber Scheme

Internet of Things (IoT) is a standard against which manufacturers of IoT devices can have their dev...