Cyber Defence Deep Dive Session

Quantum Threat Modelling for Enterprise Security

This session equips security architects to integrate quantum threat vectors into existing STRIDE and PASTA frameworks and communicate quantum risk to the board.

Half day (3 hours)
In person or online
Max 30 delegates

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

Enterprise security teams already use structured threat modelling methodologies. STRIDE and PASTA are the most widely deployed. The challenge is that neither framework was designed to account for the threat of retroactive cryptographic compromise: an adversary who can break RSA and ECDH does not just gain future access but can decrypt all previously captured traffic and data. This changes the threat model fundamentally, and the frameworks need explicit quantum extensions to capture it.

This session provides those extensions. Participants work through each STRIDE category with quantum-specific threat scenarios: Spoofing becomes forged digital signatures via Shor's algorithm; Information Disclosure extends to harvest-now-decrypt-later retroactive decryption; Denial of Service includes certificate revocation cascades following CA key compromise. The PASTA seven-stage process receives quantum inputs at Stage 2 (threat enumeration) and Stage 5 (vulnerability analysis). Cryptanalytic timeline assessment uses the Mosca inequality, expert survey data (Global Risk Institute, government intelligence community assessments), and current quantum hardware progress to assign likelihood ratings. The session concludes with a board communication module: a structured format for translating quantum threat model findings into enterprise risk register entries and a one-page board summary with timeline visualisation and financial exposure estimates.

What participants cover

  • STRIDE quantum extensions: mapping each STRIDE category to specific quantum attack scenarios (signature forgery, HNDL decryption, certificate cascade, authentication token compromise)
  • PASTA quantum integration: adding quantum threat scenarios at Stage 2 (threat enumeration) and Stage 5 (vulnerability analysis) of the seven-stage process
  • Cryptanalytic timeline assessment: current quantum hardware state (superconducting, trapped ion, neutral atom), expert survey data, and the Mosca inequality for risk likelihood rating
  • Attack surface analysis: identifying enterprise cryptographic dependencies across TLS, VPN, code signing, PKI, database encryption, and authentication protocols
  • Risk register integration: adding quantum cryptographic risk as a quantified line item with impact, likelihood, and mitigation status
  • Board communication: one-page summary format with timeline visualisation, financial exposure estimate, and regulatory escalation triggers (NIS2, DORA)

Preliminary Agenda

Half-day session structure. Content is configurable to your existing threat modelling methodology, enterprise risk framework, and board reporting format.

# | Session | Topics
1 | Quantum Threat Vectors in Enterprise Environments | Cryptanalytic timelines and attack surface analysis for enterprise security teams
2 | Extending STRIDE and PASTA for Quantum Threats | Integrating quantum attack vectors into existing threat modelling frameworks
  • STRIDE quantum extensions: Spoofing (forged digital signatures via quantum factoring), Tampering (integrity compromise of signed artefacts), Repudiation (quantum-broken non-repudiation), Information Disclosure (HNDL decryption of captured traffic), Denial of Service (certificate revocation cascades), Elevation of Privilege (compromised authentication tokens)
  • PASTA quantum integration: adding quantum threat scenarios to the seven-stage Process for Attack Simulation and Threat Analysis. Stage 2 (threat enumeration) and Stage 5 (vulnerability analysis) are the primary extension points.
  • Mosca inequality as a threat modelling input: using cryptanalytic timeline estimates to assign quantum threat likelihood ratings within existing risk matrices
Break, after 50 min
3 | Cryptanalytic Timeline Assessment | Estimating when quantum computers will break deployed cryptography
  • Current state of quantum hardware: superconducting (IBM, Google), trapped ion (Quantinuum, IonQ), and neutral atom (QuEra, Pasqal) approaches. Logical qubit counts and error correction progress.
  • Expert timeline estimates: Mosca survey data, Global Risk Institute annual assessments, and government intelligence community guidance (NSA, GCHQ, BND). Range: 2030-2045 for RSA-2048.
  • Organisational risk appetite: mapping optimistic, median, and conservative CRQC timeline assumptions to enterprise risk tolerance levels for different data sensitivity classes
4 | Board Communication and Risk Escalation | Translating quantum threat models into business risk language
  • Risk register integration: adding quantum cryptographic risk as a line item in the enterprise risk register with quantified impact, likelihood (tied to CRQC timeline), and mitigation status
  • Board-ready threat summary: a one-page format that communicates quantum risk without requiring technical literacy. Includes timeline visualisation, financial exposure estimate, and recommended investment.
  • Regulatory escalation triggers: when quantum risk assessment findings require notification to regulators, board committees, or audit functions under NIS2, DORA, or sector-specific frameworks
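
The Mosca inequality named in the agenda compares X (years the data must stay confidential) plus Y (years needed to migrate) against Z (years until a cryptanalytically relevant quantum computer, CRQC): if X + Y > Z, the data is exposed. The sketch below is an added example, not workshop material. It turns that test into a likelihood rating and a latest migration start year per asset, using the 2030-2045 range quoted above. The 2037 midpoint, the 2025 reference year, the four-step rating scale and the sample inventory are assumptions.

```python
from dataclasses import dataclass

# CRQC arrival scenarios for RSA-2048. 2030 and 2045 are the ends of the range
# quoted in the agenda; the 2037 midpoint is an assumption of this example.
CRQC_YEARS = {"early": 2030, "mid": 2037, "late": 2045}
RATINGS = ["low", "medium", "high", "critical"]  # assumed four-step scale


@dataclass
class Asset:
    name: str             # constructed sample asset
    shelf_life: int       # X: years the data must stay confidential
    migration_years: int  # Y: years needed to move it to post-quantum crypto


def mosca_exposure(asset, now, crqc_year):
    """Years by which X + Y exceeds Z = crqc_year - now (0 if it does not)."""
    return max(0, asset.shelf_life + asset.migration_years - (crqc_year - now))


def likelihood(asset, now):
    """Rate an asset by how many CRQC scenarios violate X + Y <= Z."""
    hits = sum(mosca_exposure(asset, now, y) > 0 for y in CRQC_YEARS.values())
    return RATINGS[hits]


def latest_start(asset, crqc_year):
    """Last year migration can begin with X + Y <= Z still holding."""
    return crqc_year - asset.shelf_life - asset.migration_years


def assess(assets, now):
    """Risk-register rows: rating plus migration deadline per scenario."""
    return [
        {"asset": a.name, "likelihood": likelihood(a, now),
         "start_by": {s: latest_start(a, y) for s, y in CRQC_YEARS.items()}}
        for a in assets
    ]


# Constructed sample inventory; names and numbers are illustrative only.
ASSETS = [
    Asset("customer records archive", 25, 5),
    Asset("partner VPN traffic", 10, 4),
    Asset("internal ops telemetry", 5, 3),
    Asset("short-lived session data", 1, 2),
]

if __name__ == "__main__":
    for row in assess(ASSETS, now=2025):
        print(row)
```

A `start_by` year that is already in the past means the asset is exposed under that scenario however quickly migration begins, which is the harvest-now-decrypt-later case.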

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and enterprise security risk management.


Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.


Enterprise Security Partners

Domain expertise and operational validation

Threat modelling workshops are co-delivered with enterprise security specialists who bring direct experience in STRIDE and PASTA methodology, board-level risk communication, and security architecture for large enterprises across regulated industries.

Commission This Workshop

Sessions are configured around your existing threat modelling methodology, enterprise risk framework, board reporting format, and regulatory environment. Get in touch to discuss requirements and schedule a date.
