
Threat Modeling Methodology: TRIKE

Focus: Acceptable Risks |  Est: 2006

TRIKE is an open source threat modeling process that approaches security auditing from a risk management and defense perspective. Its risk-based approach looks at implementation, threats and risk models to ensure that the level of risk assigned to each asset is acceptable to its stakeholders. The purposes of TRIKE are: [1]

  • To ensure that the risk this system entails to each asset is acceptable to all stakeholders
  • To be able to communicate its effects to the stakeholders
  • To empower stakeholders to understand and reduce the risks to themselves and other stakeholders implied by their actions within their domains

The benefits of TRIKE include: [2]

  • Coordination and collaboration across stakeholders via this conceptual framework
  • Data Flow Diagrams (DFDs) illustrate the flow of data and the actions a user can then perform within a system
  • Threats are enumerated and each is assigned a risk value, which feeds into overall risk management
  • Security controls or preventive measures are defined to address the threats 
  • Contains built-in prioritization of threat mitigation
  • Automated components

Other Threat Modeling Methodologies 

To learn more about other methodologies please visit Threat Modeling Methodologies.

 

Information Sources:
 
1. EC-Council, Cyber Threat Modeling, eccouncil.org/threat-modeling
2. Software Engineering Institute, Threat Modeling: 12 Available Methods (2018) https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/