Culture and Org. -> Design: Conduction of advanced threat modelling

Risk and Opportunity

Risk: Inadequate identification of business and technical risks.
Opportunity: Threat modelling is performed by reviewing user stories and producing security-driven data flow diagrams.

Exploit details

Usefulness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

Example High Maturity Scenario:

Based on a detailed threat model defined and updated through code, the team decides the following:

Source: OWASP Project Integration Project

OWASP SAMM 1 Mapping: TA2-B
ISO27001:2017 Controls Mapping: