Unlike threat assessments, threat modeling is a process of identifying all potential threats, such as structural issues, scenarios, vulnerabilities, accessible exploits, attackers, and effects.
Threat modeling should ideally be performed during the design process and always repeated after any major changes. At the basic level, threat modeling detects, documents, and maps the relationships between attackers, vulnerabilities, attacks, countermeasures and the impacts it has on business, the organization and processes within your environment.
Customarily, we begin with an attacker and a set attack scenario. Subsequently, we proceed until we detect the vulnerabilities which can be abused and the means thereof; we define countermeasures and determine how to stop them; finally, we quantify the impacts on your activities.