A threat model is a hypothetical security threat to a system, identified and quantified to make it easier to fight, with the goal of preventing a security problem by using proactive security measures. Threat modeling is used in the development of operating systems, software, and various computer tools. Companies may take their models through a series of stages to identify threats, neutralize them, and see what arises in their wake.
There are several different perspectives developers can use in threat modeling. One involves considering the assets stored in a system to determine what kinds of people might want to access them, how dedicated they would be, and how serious the threat might be if there was an information breach. In this asset-centered threat model, the primary concern is what is stored on the system, and security systems are structured around this.
Another way to examine potential threats is to look for breaches in software to see if any might create a situation ripe for exploit. This model evaluates a system for loopholes that might become an issue if hackers had an interest. It is also possible to consider threats from the perspective of an attacker, by profiling a hypothetical attacker and thinking about the way this person might attempt to access a system, and what this person might do there. This type of threat model could explore a range from vandalism to the removal of confidential information.
In a threat model, the developer wants to identify a threat, assess how serious it is, and develop a fix to prevent the issue. This requires constant adaptation, as new threats continually emerge. In the process of patching older threats, developers may identify new issues, or could inadvertently create issues through their work. For this reason, they tend to keep careful logs of their activities and work on proactively identifying developing threats.
Threat models can be used by information technology personnel responsible for a company network, antivirus developers, and programmers who create new operating systems and programs. Their work may include attending security conferences and hiring outside consultants to get a fresh perspective on computer security issues. At some organizations that work with open source material, users may contribute their own threat models and proposed fixes. This crowd-sourcing approach to threat model development can help a company identify problems faster, by harnessing people who may think and use computers in radically different ways, and thus identify issues that others might not catch.