Fork me on GitHub

Culture and Organization -> Design: Conduction of simple threat modeling on business level

Risk and Opportunity

Risk: Business related threats are discovered too late in the development and deployment process.
Opportunity: Threat modeling of business functionality is performed during the product backlog creation to facilitate early detection of security defects.

Additional Information

Usefulness and Requirements of this Activity

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

OWASP SAMM VERSION 2

ISO27001 2017