CYSIAM Threat Modelling & Assessment is a professional consulting service that helps organisations identify and understand the threats they face based on their operating environment, business relationships, and technology stack. The service begins by defining the scope and mapping system architecture, including assets, data flows, and trust boundaries. The system is then decomposed into components to identify potential attack surfaces, with threats classified using structured frameworks such as MITRE ATT&CK. The methodology addresses both external and internal threats. External threats may arise from the nature of the client's work, their supply chain, or geopolitical factors such as operating in a country of interest to state-sponsored threat actors. Internal threats are assessed to support the development of effective mitigation strategies. Threats associated with specific technologies in use are also evaluated, covering what assets need protection and under what circumstances they could be compromised. Findings are documented in a threat model report, reviewed with stakeholders, and used to inform security design, detection capabilities, and incident response planning. The service supports compliance with standards including ISO 27001, NIST, and GDPR by providing structured risk assessments. Threat modelling is treated as an ongoing process rather than a one-time task, and is included as a standard component at the start of all CYSIAM Managed Detection & Response (MDR) engagements.