Blog

Posts in category "Security Architecture"

Your Worst Case Scenario: An Introduction to Threat Modeling

Threat modeling is an important piece of the security puzzle that may be missing in many IT organizations. Building a comprehensive model of the threats to your applications, systems, and organization will focus your security efforts where they matter most. When you drive your car, do you fasten your seat belt? Then, you understand the …

Security Should Be Application-Specific

I’m looking for the perfect pants. They’re brown. They’re sturdy. They’re business casual. They have many huge pockets, artfully arranged so that I don’t look like a pack rat even after I stash my stuff in them. They don’t cost a fortune. And of course, they fit me perfectly. I have never met these pants. …

Beyond Security Requirements: Secure Requirements

History shows that people are unlikely to develop or purchase secure software by accident. Back in the Dark Ages (think the 1990s), people built software and then tried to add security. This was rarely successful and frequently expensive. Progress, of a Sort As an industry, we’ve moved on to more efficient and more effective strategies, …