Enterprise Threat Modeling Quantifies Risk

An ad hoc, per-application threat modeling practice is a good start. After all, bringing secure coding considerations into the application design process makes creating secure, functional products on a tight agile time frame much more efficient. Over the years, ad hoc threat modeling has demonstrated its value to organizations from an AppSec perspective. However, attempting to[…]

Quantifying Compensating Controls

Quantifying Compensating Controls with ThreatModeler

Compensating controls are cyber security mechanisms put in place to satisfy specific security compliance standards for regulatory purposes[i] or to meet a manufacturer’s guidelines.[ii] Such controls are not intended to be less stringent. Rather, the controls must – at a minimum – satisfy the rigor of the original security requirement.[iii] The purpose of compensating controls[…]