Fork me on GitHub

CultureAndOrganization -> Design: Creation of threat modeling processes and standards

Risk and Opportunity

Risk: Inadequate identification of business and technical risks.
Opportunity: Creation of threat modeling processes and standards through the organization helps to enhance the security culture and provide more structure to the threat modelings.

Usefulness and Requirements of this Activitiy

Usefullness: Medium
Required knowledge: High (two disciplines)
Required time: Medium
Required resources (systems): Low

Additional Information

Dependencies: Conduction of simple threat modeling on technical level
Implementation hints:

OWASP SAMM VERSION 2

ISO27001 2017