Threat Modeling

Threat Modeling, Zero to Hero

Threat Modeling, as a part of a Risk Assessment

Introduction

Risk Assessments are a simple way in which organizations, projects, and people can evaluate, categorize, and mitigate risks through control measures.

Risk Assessment Components

Risk Assessments typically consist of the following areas:

  1. System Characterization and Identification of Assets
  2. Threat Identification
  3. Vulnerability Identification
  4. Control Analysis
  5. Likelihood and Impact Determination
  6. Risk Determination and Recommendations

These are delivered in a Risk Assessment Report, make use of Threat Modeling, and form a self-feeding process that looks like this:

NIST SP800-30 Framework