Tradecraft

These are the models I use. I’ve split them into two sections: international relations and cyber. All of them are established models within their respective fields.

See the International relations 101 page for a crash course in IR.

International relations

Three (ish) levels of analysis

In his book Man, the State, and War, the structural realist Kenneth Waltz defined three levels (or images) to be used when analyzing conflict:

  1. The international system
  2. The state
  3. The individual

A fourth level, the dyad (or pair), is often included and complements the original three levels. It looks at the relationship between two of the units in conflict. A thorough analysis will typically make use of several of these levels.

The international system

A system can be defined as a collection of units that are interconnected. In the context of international relations, we are talking about a political system. Examples of units are states, international non-governmental organizations, and corporations.

The dyad

This level concerns the relationship between two units. Realism, with its focus on power, will typically analyse the balance of the states' military might or disputes over territory. Liberalism, on the other hand, will look at regimes, trade, competition, etc.

The state

This level pays attention to the characteristics of each state included in the analysis. This could be the political system, culture, economy, and population. A realist might look at the organization of the military, while a liberal would concentrate on economic aspects.

The individual

The individual level looks at the traits of individuals involved, e.g. the personality, biases, and modus operandi of a statesman.

Rational actor model

The rational actor model (RAM) perceives the state as a monolithic and unitary actor where decisions are optimized for gain.

Bureaucratic model

In contrast to the rational actor model, the bureaucratic model assumes the state is not a coherent actor. The different bureaucracies and decision makers within a state are competing for favor and funding in a zero-sum game.

Operational process model

In the operational process model (OPM), governmental organizations look after their own interests and follow standard operating procedures (SOPs) in their daily work. Deviations from these SOPs are cumbersome.

Cyber

Diamond Model of Intrusion Analysis

At the core of this model is the event, which has four basic interlinked features: adversary, infrastructure, capability, and victim. The Diamond Model (DM) focuses on the what and how, and not so much the who (as in “It was China”).

An intrusion consists of many events, forming an activity thread. This model is very useful when analyzing intrusions, as it provides a standardized and repeatable framework. I have also found the Diamond Model to be a good fit when aggregating information about an activity group.

I highly recommend reading the white paper by the inventors.
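
To make the event, activity thread, and activity group ideas concrete, here is an added example (not code from this page or from the white paper) that stores events with the four core features, orders them into threads, and merges threads that share infrastructure or capability. The timestamp field, the one-thread-per-victim simplification, the exact-match grouping rule, and all sample values are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    """One Diamond Model event: four core features plus a timestamp (assumed)."""
    ts: str              # ISO 8601, so string order equals time order
    adversary: str       # usually unknown at first, recorded as "?"
    infrastructure: str
    capability: str
    victim: str

# Constructed sample data, not taken from any real intrusion.
EVENTS = [
    Event("2024-02-10T14:00", "?", "c2.example.org", "loader-x", "victim-b"),
    Event("2024-01-03T09:20", "?", "c2.example.org", "loader-x", "victim-a"),
    Event("2024-01-03T09:00", "?", "mail.example.net", "phishing-doc", "victim-a"),
    Event("2024-02-11T08:30", "?", "files.example.com", "archiver", "victim-b"),
    Event("2024-03-01T11:00", "?", "edge.example.net", "webshell-y", "victim-c"),
]

def activity_threads(events):
    """Order each victim's events in time: one activity thread per victim."""
    threads = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        threads[e.victim].append(e)
    return dict(threads)

def activity_groups(threads):
    """Merge threads sharing an infrastructure or capability value (union-find)."""
    parent = {v: v for v in threads}
    def find(v):
        while parent[v] != v:
            parent[v] = parent[parent[v]]   # path halving
            v = parent[v]
        return v
    seen = {}  # (feature, value) -> first victim whose thread contained it
    for victim, thread in threads.items():
        for e in thread:
            for key in (("infra", e.infrastructure), ("cap", e.capability)):
                first = seen.setdefault(key, victim)
                parent[find(victim)] = find(first)
    groups = defaultdict(set)
    for v in threads:
        groups[find(v)].add(v)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    threads = activity_threads(EVENTS)
    for members in activity_groups(threads):
        print(members, [len(threads[v]) for v in members])
```

Note that the grouping never touches the adversary field: the threads for victim-a and victim-b are linked purely through shared infrastructure and capability, which is the "what and how" pivot rather than the "who".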