Culture and Organization -> Design: Conduction of simple threat modeling on business level
Risk and Opportunity
Risk: Business-related threats are discovered too late in the development and deployment process.
Opportunity: Threat modeling of business functionality is performed during the product backlog creation to facilitate early detection of security defects.
Usefulness and Requirements of this Activity
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001
- may be part of risk assessment