Feb 16, 2018 | Enterprise Threat Modeling
Understanding that enterprise threat modeling is the gold standard of threat modeling, enabling CISOs to drive consistent security policy organization-wide, is one thing. Implementing it across the IT ecosystem is quite another. Securing legacy systems, for example,...
Jan 24, 2018 | Enterprise Threat Modeling, Threat Models
With Meltdown and Spectre, 2018 could set a new standard for the “year of the cyber-attack.” Getting on top of these critical vulnerabilities will require enterprise threat modeling. Meltdown and Spectre, recently discovered hardware vulnerabilities affecting chips...
Jan 24, 2018 | CISO, Enterprise Threat Modeling
Threat modeling for critical and high-risk application security has been a mainstay of software development for nearly a decade. The immediate benefits of application threat modeling include reducing application security risk and lowering production costs as potential...
Dec 7, 2017 | DevOps, Enterprise Threat Modeling
If there is such a thing as “traditional DevOps,” it is a two-dimensional beast. Consider, for example, the relatively simple two-dimensional graph shown below. Let development be represented on the vertical axis and operations be represented on the horizontal. Then...
Nov 29, 2017 | DevOps, Enterprise Threat Modeling
The next most popular conversation around DevOps has to do with where the bottleneck is currently at its worst: DevOps security. Throughout this series, How to Improve your DevOps Implementation, we have examined how to improve the throughput by integrating security...
Nov 8, 2017 | Enterprise DevSecOps, Enterprise Threat Modeling
DevOps creates an environment which may be systemically flawed, in part due to a lack of operational visibility into application post-deployment. Ironically, the fundamental, underlying goal of DevOps is to create an environment in which both developers and operators...