Bowtie Analysis
Causes → event → consequences
- Best for
- mapping preventions and mitigations
- Time
- 1–2 hr
- Difficulty
- Intermediate
Example
Mapping preventions and mitigations around a customer-data breach
Bowtie analysis
- Causes — phishing, leaked token, vendor compromise, misconfigured S3
- Top event — customer PII exposed externally
- Preventive barriers — SSO + 2FA, secret scanning, vendor reviews, IaC linting
- Consequences — regulatory fines, churn spike, brand damage, lawsuits
- Mitigating barriers — IR runbook, cyber insurance, customer comms template, audit log
Related frameworks
Want to fill in your own Bowtie Analysis?
Get FrameworkList for iOS