A software development team of your company is tasked to develop the E-Commerce website. Which of the following is the best time to conduct threat modeling? (Wentz QOTD)
A. When the software has been tested
B. When the solution has been proposed
C. When the integrated product team (IPT) is established
D. When software requirements have been verified and validated
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. When the solution has been proposed.
Risk and security should be considered across the Software Development Life Cycle (SDLC), so some may consider threat modeling should be conducted across the SDLC or as early as possible. However, the design phase of the SDLC is the best time to conduct threat modeling based on the proposed solution or design. For example, the Microsoft threat modeling approach relies on reviewing diagrams or designs to assess vulnerabilities, categorized and prioritized by STRIDE and DREAD.
- The integrated product team (IPT) is established in the planning phase.
- Verified and validated software requirements produce a software requirement specification (SRS), the conclusion of the analysis, or the requirement phase.
- The solution comprising designs is proposed, in the design phase, to address requirements.
CISSP CBK, 4th
As part of the design phase of the Software Development Life Cycle (SDLC), threat modeling allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. Therefore, it helps reduce the total cost of development.
NIST SP 800-154
Threat modeling is a form of risk assessment that models aspects of the attack and defense sides of a particular logical entity, such as a piece of data, an application, a host, a system, or an environment.
A common form of threat modeling is software threat modeling, which is threat modeling performed during software design to reduce software vulnerabilities. There are many established methodologies for performing software threat modeling.
Another common form of threat modeling is known as system threat modeling, which is threat modeling performed for operational systems to improve their overall security. Compared to software threat modeling, system threat modeling tends to be largely informal and ad hoc.
Source: NIST SP 800-154 (draft)
Reference
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
您公司的軟開發團隊的任務是開發電子商務網站。 以下哪個時間是進行威脅建模的最佳時間? (Wentz QOTD)
A. 軟體經過測試後
B. 提出解決方案(solution)時
C. 成立整合產品團隊(IPT)時
D. 軟體需求被驗證和確認(V&V)後