Culture and Organization -> Design: Conduction of advanced threat modeling

Risk and Opportunity

Risk: Inadequate identification of business and technical risks.
Opportunity: Threat modeling is performed by reviewing user stories and producing security-driven data flow diagrams.

Additional Information

Dependencies: Conduction of simple threat modeling on technical level, Creation of threat modeling processes and standards

Example High Maturity Scenario:

Based on a detailed threat model defined and updated through code, the team decides the following:

Source: OWASP Project Integration Project

Implementation hints

Usefulness and Requirements of this Activity

Usefulness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

OWASP SAMM VERSION 2

ISO27001 2017