Issue No.01 - January/February (2008 vol.25)
Louis Kunimatsu , Ford Motor Company
Tim Baeten , Ford Motor Company
Nancy R. Mead , Carnegie Mellon University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MS.2008.25
Ford Motor Company is introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between the IT security group and its internal business customers in analyzing threats and better understanding risk. For this purpose, a core group of security personnel have piloted Microsoft?s Threat Analysis and Modeling process and tool on a dozen targets. This article discusses this process, along with the challenges and successes of its ongoing deployment in the organization. This article is part of a special issue on Security of the Rest of Us.
threat modeling, risk assessment, DREAD, threat analysis, risk management
Louis Kunimatsu, Tim Baeten, Nancy R. Mead, "Threat Modeling: Diving into the Deep End", IEEE Software, vol.25, no. 1, pp. 28-34, January/February 2008, doi:10.1109/MS.2008.25