Threat Modelling is a structured tabletop exercise which is used to identify and mitigate potential threats to a system or application. It is an essential step in the software development process to ensure that security is built into the product from the outset. Threat modelling has become more critical than ever before due to the ever-growing number of cyber-threats.

Threat Modelling is a risk management activity performed by those with a deep technical understanding of the application, module, or business process.

Who is it for?

Threat Modelling should be utilised by anyone:

  • Developing software,
  • Utilising third party APIs,
  • With complex business processes,
  • Who would experience catastrophic business damage or reputation damage as a result of data loss,
  • And any business holding sensitive data.
How can we help?

Our services will educate your employees in a positive and encouraging manner, heightening awareness of threat modelling, whilst encouraging the identification of possible threats to an application or infrastructure prior to release.

Many organisations have the intention to improve the security of their applications and infrastructure, but simply don’t know where to start. Secarma’s mission is to support the implementation of threat modelling into your development processes and encourage security-by-design.

What we test

There are a couple of threat modelling approaches that may be utilised: System Lead and Attacker Lead.

  • System Lead focuses on the system as a whole, considering each process, data store, dataflow, external entity, and trust boundary.

  • Attacker Lead focuses on threat actors and how they may compromise our system. This involves understanding threat actors and focusing on entry points rather than the system as a whole. Emphasis is placed on protecting critical assets instead of the entire system.
