The modern enterprise runs on software that is primarily provisioned and maintained by IT.
Many organizations use network or perimeter security technologies to mitigate risk. Although these controls keep a lot of bad guys out, they are limited in their ability to prevent software-based attacks.
The need to understand risks from application vulnerabilities is critical, and you must understand this risk holistically—in the context of your entire information management infrastructure. To know how to assess risk in the application layer, the concept of threat modeling is tremendously useful.
Threat modeling is a powerful exercise that can help determine risk. This in-depth whitepaper lays out two approaches to threat modeling—both needed for a proven methodology for effectiveness.