« Bill Gates Last Day at Microsoft
Security Policies in the Application Development Process »

IEEE Threat Modelling

This paper from IEEE describes how Ford Motor Company use the Threat and Application Modelling tool from my team to improve the security of their business applications.

Abstract: “Ford Motor Company is currently introducing threat modeling on strategically important IT applications and business processes. The objective is to support close collaboration between IT Security & Controls (the ITS group at Ford) and its business customers in analyzing threats and better understanding risk. To accomplish this, a core group of security personnel have piloted Microsoft’s Threat Analysis and Modeling process and tool on a dozen projects. Here, we discuss this TAM process, its benefits and challenges, and some deployment solutions.”

Download PDF Here

Explore posts in the same categories: ACE Team, Threat Modeling, Visualization, Web Security, information security

This entry was posted on January 7, 2008 at 10:50 pm and is filed under ACE Team, Threat Modeling, Visualization, Web Security, information security. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site.

3 Comments on “IEEE Threat Modelling”

  1. Andy Says:
    January 8, 2008 at 9:38 pm

    Mark,

    You might want to change the link to point to us-cert.gov instead, the current URL gives a certificate warning :)

  2. mcurphey Says:
    January 8, 2008 at 9:41 pm

    Done. Thanks Andy!

  3. Liquidmatrix Security Digest » Security Briefing: January 9th Says:
    January 9, 2008 at 12:53 pm

    [...] IEEE Threat Modelling [...]

Comment: