Threat modelling is a systematic approach to identifying, analyzing, and prioritizing potential threats to a system, application, or process. The goal is to detect security risks early — ideally during the design phase.
In an ISMS context, threat modelling supports the requirements of ISO 27001 Clause 6.1.2 (information security risk assessment, which includes risk identification) and Annex A control A.8.25 (secure development life cycle). Common methods include STRIDE (categorization by threat type: spoofing, tampering, repudiation, information disclosure, denial of service, elevation of privilege), PASTA (Process for Attack Simulation and Threat Analysis, a process-oriented method), and the threat analysis within BSI's IT-Grundschutz. Typical steps: define the system scope, identify data flows, mark trust boundaries, derive threats per component, and assign countermeasures. Threat models should be updated whenever significant architectural changes occur, since a new component or data flow can introduce threats the existing model does not cover.
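The steps above (scope, data flows, trust boundaries, threats per component, countermeasures) can be carried out mechanically once the system is written down as a data-flow model. The following script is an added example, not part of the original page or of any named tool: it applies the STRIDE-per-element rule (external entities get S and R; processes all six; data stores T, R, I, D; data flows T, I, D) to a constructed three-zone model and ranks flows that cross a trust boundary first. The element names, zones and the "Repudiation applies to a data store" choice are assumptions made for the illustration.

```python
"""STRIDE-per-element threat derivation over a small data-flow model.

Constructed example: a browser talks to a web API in a DMZ, the API reads
and writes a database in an internal zone, and a scheduler in the DMZ
triggers the API. Zones model trust boundaries: a flow whose endpoints sit
in different zones is a boundary crossing and is ranked first.
"""
from dataclasses import dataclass

# STRIDE category -> (name, security property a countermeasure must provide)
STRIDE = {
    "S": ("Spoofing", "authentication"),
    "T": ("Tampering", "integrity"),
    "R": ("Repudiation", "non-repudiation"),
    "I": ("Information disclosure", "confidentiality"),
    "D": ("Denial of service", "availability"),
    "E": ("Elevation of privilege", "authorization"),
}

# STRIDE-per-element: categories that apply to each DFD element type.
# Assumption: data stores hold audit-relevant data, so R is included.
APPLICABLE = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # key of APPLICABLE
    zone: str   # trust zone; zone changes mark a trust boundary


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str   # what travels over the flow


@dataclass(frozen=True)
class Threat:
    element: str
    category: str
    property: str          # property the countermeasure must restore
    crosses_boundary: bool


def derive_threats(elements, flows):
    """Return one Threat per (element, applicable STRIDE category)."""
    by_name = {e.name: e for e in elements}
    threats = []
    for e in elements:
        if e.kind not in APPLICABLE:
            raise ValueError(f"unknown element kind {e.kind!r} for {e.name}")
        for code in APPLICABLE[e.kind]:
            cat, prop = STRIDE[code]
            threats.append(Threat(e.name, cat, prop, False))
    for f in flows:
        if f.src not in by_name or f.dst not in by_name:
            raise ValueError(f"flow {f.src} -> {f.dst} references unknown element")
        crossing = by_name[f.src].zone != by_name[f.dst].zone
        label = f"{f.src} -> {f.dst} ({f.data})"
        for code in APPLICABLE["data_flow"]:
            cat, prop = STRIDE[code]
            threats.append(Threat(label, cat, prop, crossing))
    return threats


def prioritise(threats):
    """Boundary-crossing flows first: that is where an attacker's reach changes."""
    return sorted(threats, key=lambda t: (not t.crosses_boundary, t.element, t.category))


def example_threats():
    """Constructed model (hypothetical names and zones)."""
    elements = [
        Element("Browser", "external_entity", "internet"),
        Element("WebAPI", "process", "dmz"),
        Element("Scheduler", "process", "dmz"),
        Element("DB", "data_store", "internal"),
    ]
    flows = [
        Flow("Browser", "WebAPI", "credentials"),   # crosses internet -> dmz
        Flow("WebAPI", "DB", "SQL"),                # crosses dmz -> internal
        Flow("Scheduler", "WebAPI", "job trigger"), # stays inside dmz
    ]
    return prioritise(derive_threats(elements, flows))


if __name__ == "__main__":
    for t in example_threats():
        mark = "!" if t.crosses_boundary else " "
        print(f"{mark} {t.element:40} {t.category:24} needs {t.property}")
```

Each printed line is one row of the threat register; the "needs" column names the property the assigned countermeasure must provide, which is what the "assign countermeasures" step fills in. Adding a component or a flow to the model and re-running the script is the concrete form of "update the threat model when the architecture changes".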