Use this template to document the exact process your organization uses when conducting a threat and risk assessment. The template will help you document:
- When to conduct a threat and risk assessment.
- The scope of the assessment.
- What criteria are used to evaluate risk.
- How assessment results can be evaluated.
Formalize your threat and risk assessment process to know exactly what steps need to be followed when performing this risk analysis.
2 Comments
Suggest updating framework by which Risk is measured --- I have yet to see STRIDE used -- in 20+ yrs in Security.
Hi Eric, thank you for your feedback. We are aware of the limitations of STRIDE and do intend to update our content to include more commonly used threat models. We have an in-flight project updating our threat modeling research and should have an updated framework by early next year. If you would be willing to contribute to our research, I'll be happy to set up an interview via our researching analyst.