Culture and Org.: Conduction of advanced threat modelling
Risk and Opportunity
Risk: Inadequate identification of business and technical risks.
Opportunity: Threat modelling is performed by using reviewing user stories and producing security driven data flow diagramms.
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low
OWASP SAMM 1 Mapping: TA2-B