ID.RA-05.162

Has your organization developed and implemented threat modeling processes to identify risks to data and determine appropriate risk responses?

Explanation

Threat modeling is a structured approach to identifying potential threats, vulnerabilities, and attack vectors that could compromise your data assets. By systematically analyzing how an attacker might target your systems, you can better understand your risk exposure and prioritize security controls. Effective threat modeling helps organizations make informed decisions about risk mitigation strategies, whether through accepting, avoiding, transferring, or reducing identified risks.

Evidence of fulfillment could include documented threat models (built with methods such as STRIDE, DREAD, or attack trees), risk assessment reports that incorporate threat modeling outputs, or meeting minutes from threat modeling sessions that show how threats were identified and risk responses determined.

Implementation Example

Develop threat models to better understand risks to the data and identify appropriate risk responses

ID: ID.RA-05.162

Context

Function: IDENTIFY
Category: ID.RA: Risk Assessment
Sub-Category: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization
