Threat Modeling Tips: Assembling the Right Team and Setting Clear Objectives
Threat modeling is a critical exercise that involves brainstorming, collaboration, and communication. It is essential to bridge the gap between application development, operations, business, and security. There is no shortcut to success, but there are some tips that can help improve the adoption and success of threat modeling.
Assemble the Right Team
Threat modeling is a “team sport” that requires the knowledge and skills of a diverse team, where all inputs are valued equally. To assemble the right team, you need to consider the following personas:
• The Business Persona: This persona represents the business outcomes of the workload or feature that is part of the threat modeling process. They should have an in-depth understanding of the functional and non-functional requirements of the workload and ensure that proposed mitigations do not impact these requirements negatively.
• The...