SEC01-BP07 Identify and prioritize risks using a threat model - AWS Well-Architected Framework (2022-03-31)

SEC01-BP07 Identify and prioritize risks using a threat model

Use a threat model to identify and maintain an up-to-date register of potential threats. Prioritize your threats and adapt your security controls to prevent, detect, and respond. Revisit and maintain this in the context of the evolving security landscape.

Threat modeling provides a systematic approach to aid in finding and addressing security issues early in the design process. Earlier is better since mitigations have a lower cost compared to later in the lifecycle.

The typical core steps of the threat modeling process are:

  1. Identify assets, actors, entry points, components, use cases, and trust levels, and include these in a design diagram.

  2. Identify a list of threats.

  3. For each threat, identify mitigations, which might include security control implementations.

  4. Create and review a risk matrix to determine if the threat is adequately mitigated.

Threat modeling is most effective when done at the workload (or workload feature) level, ensuring that all context is available for assessment. Revisit and maintain this matrix as your security landscape evolves.

Level of risk exposed if this best practice is not established: Low

Implementation guidance


Related documents:

Related videos: