Effective CISSP Questions

You lead an integrated product team to develop a software solution. Which of the following is incorrect about threat modeling? (Wentz QOTD)
A. Threat modeling emphasizes identifying and addressing design flaws before coding.
B. Ideally, threat modeling is applied as soon as an architecture has been established.
C. Threat modeling should be conducted in the initiation phase as mentioned in the NIST SDLC.
D. The express aim of threat modeling is to identify and eliminate architectural and design issues.

Continue reading