Should every Threat have a Security requirement associated with it? If not, how do we go about mitigating a Threat with no Security requirement?
This topic has been closed for comments
I had the pleasure of asking this question (worded differently) during my fireside chat with John Steven. While it’s important to have policies as security requirements against threats, threat modeling should effectively be used to develop robust security policy documents (imo) that would be effective.
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.