Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Threat Classification Model

Training Camp • Cybersecurity Glossary

What is Threat Classification Model?

A structured framework for categorizing threats by type and impact, like STRIDE or the kill chain, to prioritize risk and guide defenses systematically.

Glossary > Threats, Malware & Attacks > Threat Classification Model

Understanding Threat Classification Model

A threat classification model is a structured framework that categorizes security threats by their characteristics, attack type, and potential impact so organizations can analyze, prioritize, and mitigate them systematically. Rather than treating threats ad hoc, it provides a common taxonomy that makes risk assessment repeatable and ensures coverage across the full range of attack types.

Several established models serve this purpose. STRIDE classifies threats into Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege, and is widely used in threat modeling during design. The MITRE ATT&CK framework catalogs adversary tactics and techniques across the attack lifecycle. The Lockheed Martin Cyber Kill Chain breaks intrusions into phases from reconnaissance to actions on objectives. DREAD and CVSS add scoring dimensions to rank severity. These models work by mapping observed or hypothesized threats into defined categories, then linking each category to likelihood, impact, and recommended controls.

This matters because organizations face far more potential threats than they can address at once, and classification drives prioritization. A shared model improves communication between developers, security teams, and management, prevents blind spots by prompting consideration of every threat category, and aligns defenses with the most likely and damaging risks. It also underpins threat modeling, detection engineering (mapping detections to ATT&CK techniques), and incident analysis.

For example, a development team designing a new payment API runs a STRIDE-based threat modeling session against its data flow diagram. At the trust boundary between the client and the API, they identify a Spoofing threat (forged identity), a Tampering threat (altered transaction amounts), and an Information disclosure threat (exposed card data). Classifying each threat directs concrete controls: strong authentication and token binding for spoofing, request signing and validation for tampering, and TLS plus field-level encryption for disclosure, ensuring the design addresses each category before code is written.

Learn More About Threat Classification Model:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →