Fork me on GitHub

CultureAndOrganization -> Design: Conduction of simple threat modeling on business level

Risk and Opportunity

Risk: Business related threats are discovered too late in the development and deployment process.
Opportunity: Threat modeling of business functionality is performed during the product backlog creation to facilitate early detection of security defects.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: Low (one discipline)
Required time: Medium
Required resources (systems): Very Low

Additional Information

OWASP SAMM VERSION 2

ISO27001 2017