Title :
Threat Modeling: Diving into the Deep End
Author :
Ingalsbe, Jeffrey A. ; Kunimatsu, Louis ; Baeten, Tim ; Mead, Nancy R.
Author_Institution :
Ford Motor Co., Dearborn
Abstract :
Optimizing the working relationship between a company\´s IT security (ITS) group and its internal business customers is difficult at best. Who is responsible for security? What does "responsible" mean? For that matter, what does "security" mean? If ITS is solely responsible for security, as is often the case, then everything across the board will likely receive the same level of protection. In their defense, the members of ITS often don\´t know which asset means the most to the business, so the safest approach is to protect everything as much as possible.
Keywords :
business data processing; security of data; Ford Motor Company; IT security; internal business customers; threat modeling; Collaboration; Companies; Dairy products; Micromotors; Personnel; Protection; Risk analysis; Risk management; Security; Software engineering; DREAD; risk assessment; risk management; threat analysis; threat modeling;
Journal_Title :
Software, IEEE
