What Is a Threat Model? A Plain-English Guide (2026)
A threat model is the most useful security idea most people have never heard of. It is not technical, and it does not take long. It is a short plan that helps you spend your time and money on the risks that actually matter to you — and ignore the ones that don’t. This guide explains what a threat model is, the four questions behind it, and how to build your own in a few minutes.
The short answer
- A threat model is a plan for who and what you are defending against. It turns vague worry into clear choices.
- It answers four questions: what do you want to protect, who from, how likely is the threat, and how much effort is it worth.
- The point is balance. You don’t lock every door in a castle when you only own a bike. Your defences should match your real risks, not the scariest headline.
Why you need one
Security advice online is endless and often contradictory. Use a password manager. Cover your webcam. Run a VPN. Leave your phone at home. Some of it fits your life. Most of it does not. Without a threat model, you either do nothing because it feels hopeless, or you burn hours on threats that will never touch you.
A threat model fixes that. It gives you a filter. When the next scary tip appears, you can ask: does this protect something I care about, from someone who is actually after it? If yes, act. If no, skip it and move on.
The four questions
A good threat model is just four honest answers.
- What do I want to protect? Your assets. This could be your photos, your bank access, your home address, your real name behind a pseudonym, or private messages.
- Who do I want to protect it from? Your adversaries. A scammer, a data broker, an abusive ex, a nosy employer, a thief who steals your laptop. Be specific and realistic.
- How likely is it that I will need to protect it? Your risk. A targeted attack by a government is very different from a random phishing email. Most people face the common, low-effort threats far more often.
- How much trouble am I willing to go through? Your cost. Every defence has a price in time, money or convenience. A method you find too annoying is one you will quietly stop using.

A worked example
Say you want to protect your home address because you post online under a nickname. Your adversary is a stranger who might harass you, not a spy agency. The risk is real but not constant. And you are willing to spend a little effort, but you won’t move house over it.
That model points to clear, cheap actions: keep your real name off your accounts, scrub your address from data-broker sites, and don’t post photos that reveal where you live. You can skip the extreme stuff — a burner phone, a new identity — because it doesn’t match your actual threat. The model told you where to stop.
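The same filter, written out as a small script so you can see the four questions applied one at a time. This is an added example, not part of the original guide; the assets, adversaries, likelihood numbers and effort figures are constructed to match the home-address scenario above, and the 0.1 likelihood cut-off is an assumed gut threshold, not a rule from the guide.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class ThreatModel:
    assets: set[str]               # Q1: what do I want to protect?
    adversaries: dict[str, float]  # Q2 + Q3: who, and how likely (0.0-1.0, a gut estimate)
    effort_hours: int              # Q4: how much trouble am I willing to go through?

@dataclass
class Defence:
    name: str
    protects: set[str]   # which assets this piece of advice covers
    against: set[str]    # which adversaries it actually stops
    effort_hours: int    # rough price in time

def decide(model: ThreatModel, d: Defence, min_likelihood: float = 0.1) -> tuple[bool, str]:
    """Run one piece of advice through the four questions. Returns (act?, reason)."""
    if not d.protects & model.assets:
        return False, "protects nothing in your asset list"
    relevant = [model.adversaries[a] for a in d.against if a in model.adversaries]
    if not relevant:
        return False, "stops no adversary in your model"
    if max(relevant) < min_likelihood:
        return False, "threat too unlikely to be worth it"
    if d.effort_hours > model.effort_hours:
        return False, "costs more effort than you will sustain"
    return True, "matches an asset, a realistic adversary and your budget"

def triage(model: ThreatModel, advice: list[Defence]) -> dict[str, tuple[bool, str]]:
    """Sort a pile of security tips into act / skip against one threat model."""
    return {d.name: decide(model, d) for d in advice}

# Constructed sample: the home-address scenario from the worked example.
HOME_ADDRESS_MODEL = ThreatModel(
    assets={"home address"},
    adversaries={"online harasser": 0.3},  # a stranger, not a spy agency
    effort_hours=8,
)
ADVICE = [
    Defence("keep real name off accounts", {"home address"}, {"online harasser"}, 1),
    Defence("scrub address from data brokers", {"home address"}, {"online harasser"}, 3),
    Defence("no photos that reveal where you live", {"home address"}, {"online harasser"}, 1),
    Defence("cover the webcam", {"camera feed"}, {"online harasser"}, 1),
    Defence("burner phone", {"home address"}, {"spy agency"}, 4),
    Defence("new identity", {"home address"}, {"online harasser"}, 500),
]

if __name__ == "__main__":
    for name, (act, why) in triage(HOME_ADDRESS_MODEL, ADVICE).items():
        print(f"{'ACT ' if act else 'SKIP'} {name}: {why}")
```

Each skipped tip fails on a different question, which is the whole point: the model tells you not just what to do but why the rest can be ignored.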
How threat models differ
There is no single correct threat model, and that is the point. A journalist protecting a source faces very different threats than a parent guarding family photos. A small business worries about ransomware and invoice fraud. Each builds a different plan, and each spends effort in a different place. Copying someone else’s setup without their threats is how people end up over-protected in one area and wide open in another.
Keep it alive
Your life changes, so your threat model should too. A new job, a public profile, a move, a breakup — each can add or remove a threat. Revisit your four answers a couple of times a year, or whenever something big shifts. It takes ten minutes and keeps your effort pointed at what matters now, not what mattered last year.
The bottom line
A threat model is not a tool you buy or a setting you switch on. It is a short, honest plan: what you protect, who from, how likely, and what it is worth. Build one, and the firehose of security advice turns into a short to-do list that actually fits your life. That clarity — not paranoia — is what real security looks like.
FAQ
What is a threat model in simple terms?
It is a plan that names what you want to protect and who you want to protect it from, so your security effort matches your real risks. Instead of following every tip online, you focus only on the threats that actually apply to you.
What are the questions in a threat model?
Four. What do you want to protect? Who do you want to protect it from? How likely is the threat? And how much effort are you willing to spend? Your honest answers point to the defences worth putting in place.
Do I need to be technical to make one?
No. A threat model is about your life and your risks, not about code or tools. Anyone can build one with a pen and paper in a few minutes. The technical choices come after, once you know what you are actually defending.
How often should I update my threat model?
Revisit it a couple of times a year, or whenever something big changes — a new job, a public profile, a move, or a breakup. Threats come and go, so a plan that fit last year may leave a gap today.