Skip to main content

This is a new service – your feedback (opens in a new tab) will help us to improve it.

Threat modelling

Last updated: 13 September 2023
Relates to (tags): Secure development, Security, Software design

Effectively understanding and communicating the potential attack vectors for our systems enables the Home Office to develop more secure applications and implement proportionate security. Threat modelling is an approach to identifying threats to a system so that appropriate security controls can be prioritised for implementation to mitigate risks.

There are a number of approaches to threat modelling of varying scope and involvement. This pattern suggests a few ways that teams can start to incorporate threat modelling into their activities.


Solution

Engineering teams should incorporate collaborative threat modelling with a ‘little and often’ approach. Don’t get bogged down with large upfront models, start by applying modelling to any changes to architecture or the introduction of new features.


Considerations

  • You do not need to be a security expert to do threat modelling, and the process does not need to be fully comprehensive to bring value, in fact attempting to build the ‘perfect’ threat model is often counterproductive

  • Security is everyone’s responsibility. While it is a useful opportunity to engage security colleagues in threat modelling activities, it is not essential. Value is brought from the process when the whole team is involved

  • As engineers, our instinct is to focus on the technology. It is ok to be technology driven when doing threat modelling, but don’t forget to think about potential threats from people and process

  • Good architecture diagrams really help to make threat modelling a straightforward process. Keep diagrams simple (C4 modelling is a good starting point)


Content version permalink (GitHub) (opens in a new tab)