Your company decides to start the business of selling toys online and shipping globally. An in-house software development team has gone through analysis, design, development, and testing. Shortly after the E-Commerce system goes into operation, it suffers SQL injection attacks and a data breach. As a security professional, which of the following is the best strategy for conducting threat modeling to mitigate risks?
A. In the initial design stage
B. In the testing stage
C. As late as in the operations stage
D. All of the above
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. All of the above.
It’s a rule of thumb to manage security across the whole life cycle, but when it comes to threat modeling, some will argue that it begins in the initial design stage. This is because the Microsoft approach relies on data flow diagrams (DFDs) and other models or diagrams, which are the artifacts produced in the design phase.
I treat threat modeling as risk management activities conducted in the context of software, while some insist threat modeling can be applied in other contexts. I won’t use the term threat modeling outside the context of software.
A proactive approach to threat modeling takes place during early stages of systems development, specifically during initial design and specifications establishment. This type of threat modeling is also known as a defensive approach. Unfortunately, not all threats can be predicted during the design phase, so reactive approach threat modeling is still needed to address unforeseen issues.
A reactive approach to threat modeling takes place after a product has been created and deployed. This type of threat modeling is also known as the adversarial approach.
Stewart, James M.; Chapple, Mike; Gibson, Darril. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide.