CultureAndOrganization -> Design: Creation of threat modeling processes and standards
Risk and Opportunity
Risk: Inadequate identification of business and technical risks.
Opportunity: Creation of threat modeling processes and standards through the organization helps to enhance the security culture and provide more structure to the threat modelings.
Usefulness and Requirements of this Activitiy
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low
Dependencies: Conduction of simple threat modeling on technical level
- Threat Modeling Playbook, Link, Tags: owasp defender threat-modeling whiteboard
- OWASP SAMM, Link, Tags: threat-modeling owasp defender
OWASP SAMM VERSION 2
- not explicitly covered by ISO 27001
- may be part of risk assessment