Threat Modeling

by Izar Tarandach, Matthew J. Coles
November 2020
Content level: Beginner
249 pages
7h 7m
English
O'Reilly Media, Inc.
Content preview from Threat Modeling

Chapter 3. Threat Modeling Methodologies

So since all models are wrong, it is very important to know what to worry about; or, to put it in another way, what models are likely to produce procedures that work in practice (where exact assumptions are never true).

G. E. P. Box and A. Luceño, Statistical Control: By Monitoring and Feedback Adjustment (John Wiley and Sons)

This chapter introduces some of the many available threat modeling methodologies, highlighting the many facets of the discipline. We discuss our personal views and experiences (and where appropriate, borrow opinions from trusted sources) on these methodologies’ advantages and drawbacks, so you can identify a methodology that may work for you.

Before We Go Too Deep…

It is important to make one point clear from the start: there isn’t a best methodology. A particular methodology will work successfully in some organizations and teams, or for specific technologies or compliance requirements, and yet will completely fail in others. The reasons are as varied as the team’s organizational culture, the people involved in the threat model exercise, and the constraints put upon the team by the current state of the project (which will vary over time).

Consider, for example, a team that begins without security-oriented goals, then evolves to appointing a security champion representing security interests for the whole team, and finally achieves the state in which every developer, architect, and tester has enough security knowledge ...



ISBN: 9781492056546