Threat Model versus Risk Model

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Threat Model versus Risk Model

The concepts of Threat Model and Risk Model have some overlap but also significant differences in context and implications.

Overlap Areas

A Threat is a type of Risk Factor that explicitly involves the malicious intend of an Agent. It is thus a subset of an overall Risk landscape which in the domain of Information Technology would be most broadly covered under IT Risk.
Constructing a threat model can be considered a type of Risk Analysis

Differences and Nuance

The term model in threat model means primarily a conceptual identification of a system's characteristics (it is a system model). The term model in risk model frequently implies a Quantitative Risk Model