A Human Factor Approach to Threat Modeling

Cybersecurity has many challenges to address to ensure the protection of a system from an attacker. Consequently, strategies have been developed to address a system’s weakness that an attacker may try to exploit. However, while these approaches may prevent an attacker from getting in from the outside, they do not consider the user’s actions from the inside and how their behavior may inadvertently allow an attack to occur. This paper presents a human-centered approach to threat modeling titled STRIDE-HF, which extends the existing threat modeling framework STRIDE.