Culture and Organization -> Design: Creation of threat modeling processes and standards
Risk and Opportunity
Risk: Inadequate identification of business and technical risks.
Opportunity: Creation of threat modeling processes and standards through the organization helps to enhance the security culture and provide more structure to the threat modelings.
Dependencies: Conduction of simple threat modeling on technical level
- Threat Modeling Playbook, Link, Tags: owasp defender threat-modeling whiteboard
- OWASP SAMM, Link, Tags: threat-modeling owasp defender
Usefulness and Requirements of this Activity
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001
- may be part of risk assessment