Start here: https://youtu.be/uxD0l-P9Byo
42 minutes of nothing but Threat Modeling experience
Watch Katie Gilligan share thoughts with Necessary Security LLC around:
People often misunderstand the distinction between the threat modeling process and the threat modeling program.
Security practices have evolved due to high-level policy and standards that lack quantifiable or testable metrics.
Compliance-based security differs from threat modeling in that compliance focuses on adhering to regulations, while threat modeling proactively identifies and mitigates potential threats.
Frameworks offer a structured approach to security, facilitating effective risk management and decision-making.
Inviting the policy community into the threat modeling program space requires effective communication, collaboration, and education.
Financial services companies typically have dedicated teams responsible for threat modeling and compliance.