Corporate Threat Modeller



Threat modeling techniques, though proven useful in many security analyses, have not scaled well enough to identify all threats to an entire enterprise. In this talk, given at CSI NetSec 07, we introduce a methodology for building a threat model across the entire enterprise. The idea we came up with is actually very simple: take the basic principles and concepts used in application Threat Modeling, simplify a whole lot, stretch a little, sprinkle with some basic algebra, wrap it in a GUI and you have a powerful tool for analyzing the threats your organization faces.

The slides outline the thinking behind the approach, and version 2.0 of the tool has also been released. Source code is available on request.

Update 2010: The tool has been updated with some of our latest thinking, and the slides from a recent workshop on threat modeling are provided on the right.

Copyright © SensePost Pty Ltd