Many threat modeling approaches exist, with new techniques and tools to perform the same activity for different scenarios. However, methodologies like DevSecOps pose a huge challenge for threat modelers, who must incorporate the demands of different teams, including scaling and quality issues, and successfully demonstrate business value. Meeting DevSecOps needs requires moving away from traditional practices.
After an elaborate study, we introduce a Maturity Model for Threat Modeling, focused on how it can be integrated with the enterprise. You will see threat modeling as a central tool for security risk management, how various functions in the enterprise can be involved to address risk, and finally how organizations can be prepared to experience the right outcome from the recommended tool categories at every maturity level.
Address the challenges in traditional threat models to suit DevSecOps methodology.
Describe a maturity model to prepare organizations for the right levels of threats.
Recommend the right tool categories for every maturity level.