Helps build and maintain an architecture, design, and operational model (which every solution should have). This can serve many purposes in your organization and is critical in the context of audits, certifications, and incident response.

Inclusive of disciplines and helps converge and align teams earlier in an SDLC. Architects, developers, support and services, and operations staff can be included, providing technical and team building benefits.

Two distinct phases - design and analysis. These are typically done together, but you can do design without analysis (especially very early) and analysis can be done more frequently as a checkpoint to changes - e.g., to later stage operational configuration or controls.

Design doesn't have to be UML or captured in a specific medium or tool. The details needed for Threat Modeling such as (trust) boundaries, endpoints, data and key/credential stores, data flows (with direction and "sensitivity"), etc. can be overlaid onto your existing diagrams (Visio, Enterprise Architect, etc.) or started as paper or whiteboard captures.

Designs can be "zoomed" depending on phase and audience, adding implementation and operational details as they develop in the SDLC.
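As an added illustration (not part of the original page), the design details listed above can be captured as plain data, with the analysis phase kept as a separate function that is re-run as a checkpoint whenever the design changes. The element names, sensitivity labels and the three rules are assumptions chosen for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Element:
    name: str
    kind: str        # "endpoint", "process", "data_store" or "credential_store"
    boundary: str    # trust boundary (zone) the element sits in

@dataclass(frozen=True)
class Flow:
    src: str             # direction of the flow is src -> dst
    dst: str
    sensitivity: str     # "public", "internal" or "secret"
    encrypted: bool
    authenticated: bool

def analyze(elements, flows):
    """Analysis phase: return (flow, finding) pairs for a captured design."""
    by_name = {e.name: e for e in elements}
    findings = []
    for f in flows:
        src, dst = by_name[f.src], by_name[f.dst]
        crosses = src.boundary != dst.boundary
        label = f"{f.src} -> {f.dst}"
        if crosses and f.sensitivity != "public" and not f.encrypted:
            findings.append((label, "sensitive data crosses a trust boundary unencrypted"))
        if crosses and not f.authenticated:
            findings.append((label, "unauthenticated flow crosses a trust boundary"))
        if dst.kind == "credential_store" and not f.authenticated:
            findings.append((label, "unauthenticated access to a credential store"))
    return findings

# Design phase output: a constructed sample design (all names are hypothetical).
ELEMENTS = [
    Element("browser", "endpoint", "internet"),
    Element("web_app", "process", "dmz"),
    Element("orders_db", "data_store", "internal"),
    Element("vault", "credential_store", "internal"),
]
FLOWS = [
    Flow("browser", "web_app", "internal", encrypted=True, authenticated=True),
    Flow("web_app", "orders_db", "internal", encrypted=False, authenticated=True),
    Flow("web_app", "vault", "secret", encrypted=True, authenticated=True),
]

if __name__ == "__main__":
    for label, finding in analyze(ELEMENTS, FLOWS):
        print(f"{label}: {finding}")
```

Because the design is data and the analysis is a function, a later operational change (for example, enabling encryption on the database link) only requires editing one `Flow` and running `analyze` again.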