An Introduction to Threat Modelling: Modelling Steps, Model Types, Benefits and Challenges

Nitin Naik*, Paul Jenkins, Paul Grace, Dishita Naik, Shaligram Prajapat, Jingping Song

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The proliferation of cybersecurity threats is posing substantial security risks to organisations; therefore, it requires robust countermeasures and defence mechanisms for organisational IT systems, applications and data. Threat modelling is a process of identifying, analysing, prioritising and mitigating threats and their associated vulnerabilities in a system or network. Understanding the threat modelling process, as well as its benefits and limitations, whilst selecting an appropriate threat modelling method, may assist cybersecurity experts in their comprehensive security assessments. The assessments are designed to uncover security gaps and potential threats, to develop robust countermeasures against these potential threats and to strengthen the security of organisational IT systems, applications and data. This paper will present a comprehensive study concerning threat modelling including the phases involved in threat modelling, types of threat models and benefits and challenges of threat modelling. Therefore, this comprehensive study concerning threat modelling will simplify the essential terminologies of threat modelling to users in a clear and concise manner.

Original language: English
Title of host publication: Contributions Presented at The International Conference on Computing, Communication, Cybersecurity and AI - The C3AI 2024
Editors: Nitin Naik, Paul Grace, Paul Jenkins, Shaligram Prajapat
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 260-270
Number of pages: 11
ISBN (Print): 9783031744426
Publication status: Published - 20 Dec 2024
Event: International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024 - London, United Kingdom
Duration: 3 Jul 2024 to 4 Jul 2024

Publication series

Name: Lecture Notes in Networks and Systems
Volume: 884 LNNS
ISSN (Print): 2367-3370
ISSN (Electronic): 2367-3389

Conference

Conference: International Conference on Computing, Communication, Cybersecurity and AI, C3AI 2024
Country/Territory: United Kingdom
City: London
Period: 3/07/24 to 4/07/24

Keywords

  • Cyber Threat
  • Cyberattack
  • Cyberthreat
  • DREAD Model
  • LINDDUN Model
  • OCTAVE Model
  • PASTA Model
  • STRIDE Model
  • Threat Modelling
  • Threat Models
  • VAST Model
