The Art of Threat Modeling for IT Risk Management

The reality is that data security is more often than not a software problem - more so than at any other layer in the information syThe Art of Threat Modeling for IT Risk Managementstem infrastructure. Several years ago, Gartner Group estimated that greater than 70% of security vulnerabilities existed at the "Application Layer" and not at the system or network layer. This has been supported by other analyst firms and research studies but unfortunately, security is still an afterthought for many companies and security of software applications is often addressed after implementation or deployment.

This paper introduces Threat modeling, a powerful software application risk management technique that allows you to identify your "true" risks in deployed or in-construction software and make informed  risk management decisions.