Threat Modeling
1. Introduction to Threat Modeling
2. The Threat Modeling Process Overview
3. System Decomposition and Modeling
4. Threat Identification and Enumeration
5. Threat Analysis and Risk Assessment
6. Validation and Verification
7. Integrating Threat Modeling into the Development Lifecycle
8. Domain-Specific Threat Modeling
9. Tooling and Automation
10. Scaling a Threat Modeling Program
Integrating Threat Modeling into the Development Lifecycle
Threat Modeling in Different Methodologies
    Waterfall
        Threat Modeling in Design Phase
        Handoffs to Implementation
    Agile and Scrum
        Threat Modeling in Sprints
        Backlog Integration
    DevOps
        Continuous Threat Modeling
        Automation Opportunities
Timing the Threat Modeling Activities
    During Design and Architecture Phase
        Initial Threat Model Creation
        Design Review Integration
    During Sprint Planning
        User Story Threat Analysis
        Acceptance Criteria for Security
    As a Continuous Activity
        Ongoing Updates
        Integration with Change Management
Roles and Responsibilities
    Security Champions
        Advocacy and Training
        Liaison Role
    Developers and Engineers
        Model Creation and Maintenance
        Implementing Mitigations
    Architects
        System Design Oversight
        Threat Model Review
    Security Professionals
        Facilitation and Guidance
        Risk Assessment
    Product Owners
        Prioritization of Security Work
        Stakeholder Communication