From the course: Learning Threat Modeling for Security Professionals
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Interlude: Scope and timing
From the course: Learning Threat Modeling for Security Professionals
Interlude: Scope and timing
- While analyzing my model, I posed the question would we be better off with micro instances? It's time to touch on when to threat model and the advantages and disadvantages in different choices. Threat modeling is amazingly powerful at the very start of a project while designs are literally on the whiteboard. It gives a structured way to engage with the security tradeoffs of a project. It helps pose questions like would we be better off with micro instances when it's easy to make that change? There are more constraints when threat modeling starts near the end of a project or is introduced when an existing product or service is being updated. It's harder to ask foundational questions. Threat modeling the entire plan system at the start of a project is great, and threat modeling what we're working on in a given sprint is also great. For example, I could add a load balancer in front of the media server. And the threat model scope for that project would be the load balancer and its…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.