Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Threat Taxonomy

Training Camp • Cybersecurity Glossary

What is Threat Taxonomy?

A structured classification of cyber threats by type, behavior, and impact—giving teams a shared vocabulary, as in STRIDE or MITRE ATT&CK.

Glossary > Threats, Malware & Attacks > Threat Taxonomy

Understanding Threat Taxonomy

A threat taxonomy is a structured classification system that organizes cybersecurity threats into defined categories based on their characteristics, behaviors, techniques, and potential impact. It gives security teams a common vocabulary and framework for describing, comparing, and prioritizing threats consistently across an organization.

A taxonomy groups threats along dimensions such as threat type (malware, phishing, denial of service, insider misuse), the actor or motivation behind them, the tactics and techniques used, and the assets or impact targeted. Well-known examples include Microsoft's STRIDE model for categorizing threats during design (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege), the MITRE ATT&CK framework's tactics and techniques, and the OWASP Top 10 for web application risks. Many organizations build or adopt a taxonomy to feed threat modeling, risk registers, and detection engineering.

A threat taxonomy matters because without a shared classification, teams describe the same threats inconsistently, gaps in coverage go unnoticed, and risk comparisons become subjective. A taxonomy makes threat modeling systematic, helps map defenses to specific threat categories, drives metrics on which threats are detected or missed, and improves communication between analysts, engineers, and leadership. It turns a vague list of dangers into an analyzable, prioritizable structure.

For example, a development team performing threat modeling on a new API walks through each STRIDE category in turn. Under Spoofing they identify the risk of forged authentication tokens, under Tampering the risk of modified request payloads, and under Elevation of privilege the risk of a regular user invoking admin functions. By methodically applying the taxonomy, they surface threats they would have missed with ad hoc brainstorming and assign a concrete control to each one.

Learn More About Threat Taxonomy:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →