July 2018
Intermediate to advanced
356 pages
9h 18m
English
Content preview from Hands-On Security in DevOps
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Case study – formal documents or not?
Let's look at a case study to discuss the different approaches of threat modeling practices. Peter and Linda, who are security leads, plan to do threat modeling with a project team. Peter is in a very large organization. The project team is distributed across the Globe. The security process requires a formal threat modeling analysis report as parts of the criteria to move on to the next step. On the other hand, Linda is working with a small software company. Team members are all in the same location. Linda thinks using a whiteboard and card game discussion will be more interactive and efficient instead of detailed documents. As a result, Peter and Linda decided on different approaches to run the threat ...