Introduction – Threat Modeling for Risk Quantification

The security development lifecycle, including threat modeling, is a concept described by Microsoft around 2006 in a book of that title. While threat modeling typically produces recommended improvements to the code and supporting infrastructure, it lacks a means of financially justifying the sometimes significant cost of making those improvements. Notably, nobody owns the threat modeling technique, so it is likely evolving along various paths.

This series of posts explores threat modeling as it could relate to standard methodologies published by The Open Group. The goal:

Improving Justification for Mitigations identified by Threat Modeling
