
Threat modeling and risk assessment
Module duration: 4 hours
Module overview
An essential step in defining a protection strategy for a system is understanding what it needs to be protected against. Threat modeling and risk assessment work together to support this. In threat modeling, potential threats are identified based on the system’s design and context. Then, in risk assessment, each threat's feasibility and severity are evaluated to prioritize mitigations. This process is the basis for complying with European laws like the Cyber Resilience Act and RED Delegated Act.
Objective of this module
The aim of this module is to understand what threat modeling and risk assessment are, what cybersecurity standards and regulations require in this area, and how to perform the activity in practice through guidance and examples.
What you will learn:
01. Which information to collect before starting a threat modeling activity
02. Tools and guidelines to carry out threat modeling and risk assessment
03. How to perform threat modeling and risk assessment to ensure compliance with legislation
04. Mitigation strategies to reduce risk
You will cover:
This module provides the audience with the following:
- Why threat modeling and risk assessment are essential to building security into a system from the start
- How to execute the activity step by step
- Interactive example of a threat modeling activity
This module is intended for:
The module is targeted at professionals working for companies that need to ensure that their component, product or system has security commensurate with its expected level of risk throughout the product's life-cycle.
