ATASM
Architectures, Threats, Attack Surfaces, and Mitigations (ATASM) is an overarching framework for threat modeling.
- Other models are often used alongside it, such as STRIDE and DREAD
Components
- Architecture
  - Understand the logical and component architecture of the system
  - Understand every communication flow and any valuable data that is moved and stored
- Threats
  - List all the possible threat agents for this type of system
  - List the ultimate goals of each of these threat agents
  - List the typical attack methods of the threat agents
  - List the system-level objectives of the threat agents using their attack methods
- Attack Surfaces
  - Decompose (factor) the architecture to a level that exposes every possible attack surface
  - Apply attack methods for the expected objectives to the attack surfaces
  - Filter out threat agents who have no attack surfaces exposed to their typical methods
- Mitigations
  - List all existing security controls for each attack surface
  - Filter out all attack surfaces for which there is sufficient existing protection
  - Apply new security controls to the set of attack surfaces for which there isn’t sufficient mitigation
  - Build a defense-in-depth [1]
Process
- Seek to understand the architecture
- List all threat agents, goals, methods, and objectives
- Analyze the architecture’s attack surfaces
  - Look at how attack methods and objectives would interact with each attack surface
- Review security controls and attack surfaces
  - Remove any attack surfaces that are sufficiently secured by existing controls
- The remaining list is secured using new controls
  - Focus on defense in depth
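The two filtering steps above (dropping threat agents whose typical methods reach no attack surface, then dropping attack surfaces already covered by existing controls) as an added Python example; it is not part of these notes or of Schoenfield's own material, and the system, agents, methods and controls are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ThreatAgent:
    name: str
    goal: str               # ultimate goal of the agent
    methods: frozenset      # typical attack methods

@dataclass
class AttackSurface:
    name: str
    exposed_to: frozenset   # attack methods this surface is exposed to
    controls: dict = field(default_factory=dict)  # method -> existing control

def relevant_agents(agents, surfaces):
    """Attack-surface step: drop agents none of whose methods reach any surface."""
    exposed = frozenset().union(*(s.exposed_to for s in surfaces))
    return [a for a in agents if a.methods & exposed]

def unmitigated_surfaces(agents, surfaces):
    """Mitigation step: keep only surfaces where a relevant method lacks a control.
    Returns {surface name: set of methods that still need a new control}."""
    in_scope = frozenset().union(*(a.methods for a in relevant_agents(agents, surfaces)))
    gaps = {}
    for s in surfaces:
        open_methods = (s.exposed_to & in_scope) - set(s.controls)
        if open_methods:
            gaps[s.name] = set(open_methods)
    return gaps

# Constructed sample system: an internet-facing web app backed by a database.
AGENTS = [
    ThreatAgent("opportunistic web attacker", "account takeover",
                frozenset({"credential stuffing", "sql injection"})),
    ThreatAgent("malicious insider", "data exfiltration",
                frozenset({"direct database access"})),
    ThreatAgent("device thief", "resale of hardware",
                frozenset({"physical theft"})),  # no exposed surface -> filtered out
]
SURFACES = [
    AttackSurface("login endpoint",
                  frozenset({"credential stuffing", "sql injection"}),
                  {"sql injection": "parameterized queries"}),
    AttackSurface("database",
                  frozenset({"direct database access"}),
                  {"direct database access": "least-privilege roles + audit logging"}),
]

if __name__ == "__main__":
    print([a.name for a in relevant_agents(AGENTS, SURFACES)])
    print(unmitigated_surfaces(AGENTS, SURFACES))  # what still needs a new control
```

Only the login endpoint's exposure to credential stuffing survives both filters, so that is where a new control (and the defense-in-depth layers) would be applied.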
Footnotes
[1] Brook Schoenfield’s threat modeling methods | brookschoenfield.com. (n.d.). Retrieved April 17, 2026, from https://brookschoenfield.com/?page_id=341