Threat Analysis
Threat modelling for cybersecurity
Practitioner's note: This article is practice-oriented compliance documentation, not legal advice. We are a compliance specialist, not a law firm. For legally binding information please consult a licensed lawyer.
TL;DR
Threat analysis (threat modelling) is the structured identification of potential threats to IT assets. Methods: STRIDE, PASTA, MITRE ATT&CK, BSI threat catalogue.
What is threat analysis?
Top threats 2026 (ENISA Threat Landscape):
- Ransomware (still #1)
- Supply chain attacks
- Phishing + social engineering
- DDoS
- Insider threats
- State-sponsored APTs
- AI-powered attacks (deepfake phishing)
Practical example
SME in mechanical engineering: the threat analysis identifies the top three: ransomware, industrial espionage (China), insiders with design data. Protective measures are prioritised accordingly.
Frequently asked questions
Update cycle?
At least annually + after each serious incident.
Tools?
Microsoft Threat Modeling Tool, OWASP Threat Dragon, IriusRisk.