The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January/February (2008 vol.25)
pp: 28-34
Jeffrey A. Ingalsbe , Ford Motor Company
Louis Kunimatsu , Ford Motor Company
Tim Baeten , Ford Motor Company
Nancy R. Mead , Carnegie Mellon University
ABSTRACT
Ford Motor Company is introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between the IT security group and its internal business customers in analyzing threats and better understanding risk. For this purpose, a core group of security personnel have piloted Microsoft?s Threat Analysis and Modeling process and tool on a dozen targets. This article discusses this process, along with the challenges and successes of its ongoing deployment in the organization. This article is part of a special issue on Security of the Rest of Us.
INDEX TERMS
threat modeling, risk assessment, DREAD, threat analysis, risk management
CITATION
Jeffrey A. Ingalsbe, Louis Kunimatsu, Tim Baeten, Nancy R. Mead, "Threat Modeling: Diving into the Deep End", IEEE Software, vol.25, no. 1, pp. 28-34, January/February 2008, doi:10.1109/MS.2008.25
REFERENCES
1. F. Swiderski and W. Snyder, Threat Modeling, Microsoft Press, 2004.
2. P. Saitta, B. Larcom, and M. Eddington, "Trike v.1 Methodology Document [Draft],"13 July 2005, www.octotrike.orgTrike_v1_Methodology_Document-draft.pdf .
3. S. Myagmar, A. Lee, and W. Yurcik, "Threat Modeling as a Basis for Security Requirements," Proc. Symp. Requirements Engineering for Information Security (SREIS 05), 2005, www.sreis.org/SREIS_05_Programshort30_myagmar.pdf .
4. M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.
6 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool