Threat Model versus Risk Model
From Open Risk Manual
The concepts of Threat Model and Risk Model have some overlap but also significant differences in context and implications.
Overlap Areas
- A Threat is a type of Risk Factor that explicitly involves the malicious intent of an Agent. It is thus a subset of the overall Risk landscape, which in the domain of Information Technology would be most broadly covered under IT Risk.
- Constructing a threat model can be considered a type of Risk Analysis.
Differences and Nuance
- The term model in threat model primarily means a conceptual identification of a system's characteristics (it is a system model). The term model in risk model frequently implies a Quantitative Risk Model.