The Community for Technology Leaders
RSS Icon
Issue No.01 - January/February (2008 vol.25)
pp: 28-34
Jeffrey A. Ingalsbe , Ford Motor Company
Louis Kunimatsu , Ford Motor Company
Tim Baeten , Ford Motor Company
Nancy R. Mead , Carnegie Mellon University
Ford Motor Company is introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between the IT security group and its internal business customers in analyzing threats and better understanding risk. For this purpose, a core group of security personnel have piloted Microsoft?s Threat Analysis and Modeling process and tool on a dozen targets. This article discusses this process, along with the challenges and successes of its ongoing deployment in the organization. This article is part of a special issue on Security of the Rest of Us.
threat modeling, risk assessment, DREAD, threat analysis, risk management
Jeffrey A. Ingalsbe, Louis Kunimatsu, Tim Baeten, Nancy R. Mead, "Threat Modeling: Diving into the Deep End", IEEE Software, vol.25, no. 1, pp. 28-34, January/February 2008, doi:10.1109/MS.2008.25
1. F. Swiderski and W. Snyder, Threat Modeling, Microsoft Press, 2004.
2. P. Saitta, B. Larcom, and M. Eddington, "Trike v.1 Methodology Document [Draft],"13 July 2005, www.octotrike.orgTrike_v1_Methodology_Document-draft.pdf .
3. S. Myagmar, A. Lee, and W. Yurcik, "Threat Modeling as a Basis for Security Requirements," Proc. Symp. Requirements Engineering for Information Security (SREIS 05), 2005, .
4. M. Howard and D. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, 2002.
106 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool