The Art of Threat Modeling for IT Risk Management
The reality is that data security is more often than not a software problem - more so than at any other layer in the information system infrastructure. Several years ago, Gartner Group estimated that greater than 70% of security vulnerabilities existed at the "Application Layer" and not at the system or network layer. Unfortunately, security is an afterthought for most companies and security of software applications is often addressed after implementation or deployment.
This paper, designed for IT Risk Management, Information Security, and Management personnel, will introduce:
- Risk Management Best Practices: Following a proven methodology for effectiveness
- The Need for Threat Modeling: Understanding common problems that threat models help you avoid and ways you can balance testing for effectiveness
- Threat Modeling for Better Risk Management: Threat modeling throughout the SDLC will help define proper security requirements at all stages
- Getting Started with Threat Modeling: Identify entry points, realization conditions, map your framework, and communicatewith the development team