The Art of Threat Modeling for IT Risk Management

The reality is that data security is more often than not a software problem, more so than a problem at any other layer of the information system infrastructure. Several years ago, Gartner Group estimated that more than 70% of security vulnerabilities existed at the "Application Layer" and not at the system or network layer. Other analyst firms and research studies have supported this estimate, but unfortunately security is still an afterthought for many companies, and the security of software applications is often addressed only after implementation or deployment.

This paper introduces threat modeling, a powerful software application risk management technique that allows you to identify your "true" risks in deployed or in-construction software and make informed risk management decisions.