US Patent 10255439 Threat modeling systems and related methods including compensating controls

Threat modeling methods include, in response to receiving user input using computing device interfaces: storing threat model components, threats, and security requirements in a database; associating each threat with a component; storing an indication of whether each security requirement is a compensating control; associating each compensating control with one of the threats; displaying a diagram of one of a system, an application, and a process, using visual representations of the components, the diagram defining a threat model, displaying a threat report displaying each threat associated with one of the components included in the threat model; and; displaying a report displaying each compensating control associated with one of the threats included in the threat report. Threat modeling systems include one or more computing devices coupled with a database and having user interfaces for storing, associating, displaying, and editing the components, threats, and security requirements in various ways.