When preparing for a threat modeling assessment, there are a lot of moving parts to consider within a firm. These assessments often cause concern throughout the organizational hierarchy. Don’t worry, that’s normal. To steady those nerves, here are five activities to undertake before your next threat model that will set your team and organization up for success:

1. Assemble relevant documentation and diagrams.

The idiom “a picture is worth a thousand words” suits a variety of security-relevant visuals. Architecture diagrams, network diagrams, logical models, deployment models, and data flow diagrams are a few examples that can provide a forest-level view of a software system’s security posture. Also provide more detailed artifacts if possible. Requirements documents, design documents, and any other documentation related to the application are always helpful.