Bringing it together

Link personas, attack paths, and impacts.

Goal

Move from isolated exercises to a living threat model your organisation can update and revisit.

Exercise instructions

  1. Combine your adversary personas with mapped attack paths.

  2. Add the operational impacts for each path.

  3. Prioritise: which risks are unacceptable, which can be tolerated?

  4. Decide on next steps: mitigations, monitoring, or simply awareness.

Result

A threat model that reflects real risks, grounded in team discussion, and ready to guide future decisions.