Modeling Phases
In the latest versions of the tool, the threat modeling process follows a structured sequence of phases designed to provide a more comprehensive and detailed analysis of potential threats. These phases encompass key elements such as specifications, definitions, system architecture, in-depth analysis, and results summary, ensuring a complete understanding and assessment of any cyber risks.
Specifications
If the user has specific requirements for the system model, the Specification page provides a structured approach for handling and adding all necessary information. Guidance on managing the specifications phase can be found in the Specifications section.
Definitions
The Specifications page allows users to define critical assets and associated damage scenarios within the system model, establish assumptions, and customize the risk matrix to align with specific requirements. For more detailed information, refer to the Definistions section.
Architecture
The user can start modeling the system design using the existing components provided by ThreatGet. The user can also add any other components to meet the expectations for modeling that align with the actual system design. More details on how the modeling process works can be found in Designing ThreatGet Models.
Analysis
In this phase, ThreatGet plays a crucial role in detecting potential threats that could propagate through the system model components. A comprehensive threat analysis is performed by ThreatGet to determine whether any existing security vulnerabilities in the system could lead to cyber risks. More details on the analysis process can be found in Analyzing Threats.
Summary
ThreatGet provides a summary of the threat analysis outcomes, accessible by pressing the Summary button. This overview includes results from the risk analysis process, and users can also generate a comprehensive report containing all information about the system model and its associated risk analysis outcomes. More details on this are covered in the Summary section.