![]() ![]() IT systems are complex, and are becoming increasingly more complex and capable over time, delivering more business value and increased customer satisfaction and engagement. Let’s start with a primer on threat modeling. Furthermore, I’ll also provide some guidance specific to when you’re using Amazon Web Services (AWS). However, the main aim of this post is to augment the existing guidance with some additional tips on how to handle the people and process components of your threat modeling approach, which in my experience goes a long way to improving the security outcomes, security ownership, speed to market, and general happiness of all involved. There are many great guides on how to perform the procedural parts of threat modeling, and I’ll briefly touch on these and their methodologies. ![]() In this post, I’ll provide my tips on how to integrate threat modeling into your organization’s application development lifecycle. February 14, 2022: Conclusion updated to reference the companion “How to approach threat modelling” video session.
0 Comments
Leave a Reply. |