IT Risk Management Simply explained: Threat modelling

Threat modelling is a process of preparing, identifying risks, mitigating them and regularly reviewing them. It is therefore a continuous process, not a one-off exercise, and the risks must be revisited at regular intervals.

Two well-known frameworks assist here:

  1. STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service & Elevation of privilege)
  2. PASTA (Process for Attack Simulation and Threat Analysis)

Each risk must be classified on two scales: the likelihood of it occurring and its impact (financial or non-financial). Based on this, risks can be categorized and mitigation efforts can be implemented, starting with the risks that have both a high chance of occurrence and a large impact.
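As an added illustration of this classification (example code, not part of the original article): a small Python risk register that scores each STRIDE-categorised threat by likelihood times impact and orders the mitigation work accordingly. The five-point scales, the high/medium/low bands and the sample register entries are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List

# Ordinal scales are an assumption for this example; the article prescribes no numeric scale.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
STRIDE = {"Spoofing", "Tampering", "Repudiation", "Information disclosure",
          "Denial of service", "Elevation of privilege"}

@dataclass
class Threat:
    name: str
    category: str      # one of the STRIDE categories
    likelihood: str    # key of LIKELIHOOD
    impact: str        # key of IMPACT
    impact_kind: str   # "financial" or "non-financial"

    def __post_init__(self) -> None:
        # Reject entries that do not fit the model so the register stays consistent.
        if self.category not in STRIDE:
            raise ValueError(f"unknown STRIDE category: {self.category}")
        if self.impact_kind not in ("financial", "non-financial"):
            raise ValueError("impact kind must be financial or non-financial")

    def score(self) -> int:
        # Likelihood x impact on a 1..25 scale.
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

def rate(score: int) -> str:
    # Bands are an assumption for this example, not a standard.
    if score >= 15:
        return "high"
    if score >= 6:
        return "medium"
    return "low"

def prioritise(register: List[Threat]) -> List[Threat]:
    # Highest score first: high likelihood and large impact are mitigated first.
    return sorted(register, key=lambda t: t.score(), reverse=True)

# Constructed register for a hypothetical web application (not from the article).
SAMPLE_REGISTER = [
    Threat("Session token replayed", "Spoofing", "likely", "major", "financial"),
    Threat("Audit log entries deletable", "Repudiation", "possible", "moderate", "non-financial"),
    Threat("Stack traces leak internal hostnames", "Information disclosure", "likely", "minor", "non-financial"),
    Threat("Admin endpoint lacks role check", "Elevation of privilege", "possible", "severe", "financial"),
    Threat("Unauthenticated form floods job queue", "Denial of service", "unlikely", "minor", "financial"),
]

if __name__ == "__main__":
    for t in prioritise(SAMPLE_REGISTER):
        print(f"{t.score():>2} {rate(t.score()):<6} {t.category:<24} {t.name}")
```

Re-running the script after each review cycle, with updated likelihood and impact values, gives the regularly refreshed ordering the text calls for.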