Skip to Main Content
Threat Modeling
book

Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Beginner content levelBeginner
249 pages
7h 7m
English
O'Reilly Media, Inc.
Book available
Content preview from Threat Modeling

Chapter 1. Modeling Systems

All models are wrong, but some are useful.

G. E. P. Box, “Science and Statistics,” Journal of the American Statistical Association, 71 (356), 791–799, doi:10.1080/01621459.1976.10480949.

System modeling (creating abstractions or representations of a system) is an important first step in the threat modeling process. The information you gather from the system model provides the input for analysis during the threat modeling activity.

In this chapter we’ll cover different types of system models, the reasons why you might choose to use one model type over another, and guidance for creating the most effective system models. Expert proficiency of system model construction will inform your threat models and lead to more precise and effective analysis and threat identification.

Note

Throughout this chapter, we use the words model or modeling to mean an abstraction or representation of a system, its components, and interactions.

Why We Create System Models

Imagine, if you will, a group of Benedictine monks looking at the monastic church of St. Gall and then at a manuscript, back and forth. At some point, one turns to the others and says, “Well, listen, it was not a plan per se. It was more like a ‘two-dimensional meditation on the ideal early medieval monastic community.’”1 Such is the purpose associated with the Plan of St. Gall, currently recognized as the oldest preserved 2D visualization and plan of a building complex. The church looks very different ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Threat Modeling

Threat Modeling

Adam Shostack
Security in Computing, 6th Edition

Security in Computing, 6th Edition

Charles Pfleeger, Shari Lawrence Pfleeger, Lizzie Coles-Kemp

Publisher Resources

ISBN: 9781492056546Errata Page