this post was submitted on 07 Jul 2023
Threat Modeling (self.securityarchitecture)
submitted 2 years ago by lal309 to c/securityarchitecture
 

Is anyone using threat modeling as a means of continuous architecture? Meaning, you have a threat model for the entire organization and you periodically review it to ensure your current architecture is capable of handling emerging and changing threats.

[–] MajorHavoc 2 points 2 years ago* (last edited 2 years ago) (1 children)

I suppose so, if you count playbooks and table top exercises.

Ideally threat modeling is happening primarily in the heads of a wide array of subject matter experts (most without security titles) all the time, and leaders and architects are listening to those S.M.E.s when they opine on new emerging threats.

[–] lal309 2 points 2 years ago

Well, that is a great point. I had a conversation with a Gartner analyst (I know, I’m trying to remain unbiased) recently and he suggested doing threat modeling and reviewing periodically (at least annually) as a means of “keeping up with threats and changing landscape”. I thought that sounded great… on paper. Practically, this would be extremely time consuming to keep up to date for each system/control, in my opinion.