Fork me on GitHub

Culture and Organization -> Design: Creation of simple abuse stories

Risk and Opportunity

Risk: User stories mostly don't consider security implications. Security flaws are discovered too late in the development and deployment process.
Opportunity: Abuse stories are created during the creation of user stories.

Additional Information

Dependencies: Conduction of simple threat modeling on technical level, Creation of threat modeling processes and standards

Implementation hints

Usefulness and Requirements of this Activity

Usefullness: High
Required knowledge: Low (one discipline)
Required time: Low
Required resources (systems): Very Low


ISO27001 2017