The first step in the threat modeling process is designing the threat model. This stage involves diagramming the various interactors and nodes within the modeled ecosystem and identifying the links and data flows between these various parties and systems. The image above shows a sample diagram derived from the table shown previously.

- Interactors: These are the people who will interact with the systems. These interactors may have different duties or user stories, and each is included separately within the diagram.
- Modules: A module is a component of the system under test. This can include applications (like a web portal or payment API) and other endpoints or systems within the environment.
- Connections: Connections are links between interactors and modules. This includes interactor-module flows (like the use of a web portal) and module-module flows (such as an application querying a database).

Developing this diagram is a crucial first step in the threat modeling process. It provides a visual representation of the system being assessed and the trust relationships between various actors and systems.

The next step in the threat modeling process is identifying and labeling zones of trust within the diagram. The image above shows the two different ways in which the threat model should be labeled. It includes a general scale of criticality (from “not in control of system” to critical) and a more specific 0-9 scale of criticality. The first step in this stage of the process is labeling the diagram based upon criticality, as shown in the image above. As shown above, these various nodes are labeled based on the criticality of the data and functionality that they embody.
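The diagram and the labeling steps above can be captured as data so that the model can be checked rather than only drawn. The following is an added example, not code from the original page: it models interactors, modules and connections, carries the page's 0-9 criticality score and a trust zone per node, and derives two things a reviewer wants from the labeled diagram: which connections cross a trust boundary, and the highest criticality an interactor can reach by following data flows. The zone names, the sample scores and the bands between the two named endpoints of the general scale are assumptions.

```python
from dataclasses import dataclass, field
def general_label(score: int) -> str:
    # Coarse scale: the page names only its endpoints; the bands in between are assumed here.
    bands = {0: "not in control of system", 9: "critical"}
    return bands.get(score) or ("low" if score <= 3 else "medium" if score <= 6 else "high")

@dataclass(frozen=True)
class Node:
    name: str
    kind: str         # "interactor" (a person) or "module" (a component under test)
    zone: str         # trust zone the node is drawn in (assumed labels)
    criticality: int  # the page's 0-9 scale

@dataclass
class ThreatModel:
    nodes: dict = field(default_factory=dict)
    connections: list = field(default_factory=list)  # (src, dst) data flows
    def connect(self, src: str, dst: str) -> None:
        # A connection is only valid between nodes already on the diagram.
        if src not in self.nodes or dst not in self.nodes:
            raise KeyError(f"unknown node in flow {src!r} -> {dst!r}")
        self.connections.append((src, dst))
    def trust_boundary_crossings(self) -> list:
        # Flows whose endpoints sit in different zones: each one crosses a trust boundary.
        return [(s, d) for s, d in self.connections
                if self.nodes[s].zone != self.nodes[d].zone]
    def max_reachable_criticality(self, start: str) -> int:
        # Highest criticality reachable from `start` by following data flows (DFS).
        seen, stack, best = {start}, [start], self.nodes[start].criticality
        while stack:
            cur = stack.pop()
            for s, d in self.connections:
                if s == cur and d not in seen:
                    seen.add(d); stack.append(d)
                    best = max(best, self.nodes[d].criticality)
        return best

def build_sample_model() -> ThreatModel:
    # Constructed sample using the page's web portal / payment API / database; zones and scores assumed.
    m = ThreatModel()
    for n in (Node("Customer", "interactor", "internet", 0), Node("Admin", "interactor", "corporate", 3),
              Node("Web Portal", "module", "dmz", 5), Node("Payment API", "module", "internal", 8),
              Node("Database", "module", "internal", 9)):
        m.nodes[n.name] = n
    for s, d in (("Customer", "Web Portal"), ("Web Portal", "Payment API"),
                 ("Payment API", "Database"), ("Admin", "Database")):
        m.connect(s, d)
    return m
```

Every boundary crossing returned is a place where a control (authentication, validation, encryption) should be justified in the model, and the reachable criticality shows how far an external interactor's path extends into the critical data.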