Threat Model Chaining

Understand the security and risk "big picture" with chained threat models

Chained Threat Models are Critical

Value of Building Threat Models and Threat Model Chaining

The purpose of each cyber security threat model as a standalone entity is to detail all the threats and risks to the components within the application or system being analyzed. However, applications and systems frequently use shared components such as single sign-on, databases, and web servers. Shared components interact internally with each other and externally with systems and infrastructures. It is therefore critical to understand the threats to each shared component and how those threats impact the overall IT system. Chained threat models enable stakeholders to understand the entire application environment. Chaining provides detailed insight into the interactions between the cyber security threat models for each application component, the supporting systems, and the infrastructure.

Chained threat models

Chained Threat Models – Scalability and Visibility

Chained threat models provide the ability to link all of the related cyber security threat models together, giving a complete view of their interconnections and interdependencies within the cyber ecosystem. Visibility into these interdependencies allows for the rapid assessment of downstream impacts from threats to, or failure of, one or more components. For example, should single sign-on fail, the downstream impact will involve the application, shared systems, and the infrastructure. Threat model chaining provides the scalability that enterprises need when their applications may have hundreds or thousands of connections and interdependencies, and enables them to see the entire picture.
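The downstream-impact assessment described above can be sketched as a walk over linked threat models. This is an added example, not code from the page or from any product it describes; the model names, threats, and the "depends_on" edge direction are constructed assumptions.

```python
from collections import deque

# Constructed sample chain: each threat model names the models it depends on
# and the threats found when that component was modeled on its own.
MODELS = {
    "infrastructure": {"depends_on": [], "threats": ["hypervisor escape"]},
    "sso": {"depends_on": ["infrastructure"], "threats": ["token forgery"]},
    "database": {"depends_on": ["infrastructure"], "threats": ["SQL injection"]},
    "web_server": {"depends_on": ["infrastructure"], "threats": ["TLS downgrade"]},
    "hr_app": {"depends_on": ["sso", "database", "web_server"], "threats": ["IDOR"]},
    "billing_app": {"depends_on": ["sso", "database"], "threats": ["price tampering"]},
    "status_page": {"depends_on": ["web_server"], "threats": []},
}

def _walk(edges, start):
    """Breadth-first walk; returns {node: path from start}, cycle-safe."""
    paths, queue = {start: [start]}, deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(edges.get(node, ())):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    del paths[start]
    return paths

def downstream_impact(models, failed):
    """Models affected, directly or transitively, when `failed` goes down."""
    if failed not in models:
        raise KeyError(f"no threat model named {failed!r}")
    dependents = {}
    for name, model in models.items():
        for dep in model["depends_on"]:
            if dep not in models:
                raise ValueError(f"{name} depends on unmodeled component {dep!r}")
            dependents.setdefault(dep, set()).add(name)
    return _walk(dependents, failed)

def inherited_threats(models, name):
    """Threats a model inherits from every component upstream of it."""
    upstream = _walk({n: m["depends_on"] for n, m in models.items()}, name)
    return {(src, t) for src in upstream for t in models[src]["threats"]}

if __name__ == "__main__":
    for model, path in downstream_impact(MODELS, "sso").items():
        print(f"{model}: {' -> '.join(path)}")
    print(sorted(inherited_threats(MODELS, "status_page")))
```

A dependency on a component that has no threat model of its own raises an error instead of being skipped, since an unmodeled shared component is exactly the gap chaining is meant to expose.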


With Threat Model Chaining, you’re able to:

Understand all of the interconnections and interdependencies between the various components, systems, and infrastructure.

Visualize the downstream impact of the failure of a single element.

Promote reuse of common threat models.