Using threat modeling can be an effective way to prioritize security control implementation efforts for a given solution. The resulting prioritization can then be used to help optimize time or financial costs during solution development. The following is a brief overview of using the threat modeling process to select both NIST CSF security outcomes and NIST security controls.
Continue reading “Using the STRIDE-LM Threat Model to Drive Security Control Selection”