Answer-first summary for fast verification
Answer: Use STRIDE methodology and involve all stakeholders
Threat modeling should be comprehensive and involve all stakeholders to ensure that both internal and external threats are considered. Using the STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) helps in systematically identifying and categorizing threats. Involving all stakeholders ensures that diverse perspectives are considered, leading to a more robust threat model.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
Evaluating threats to business-critical applications by using threat modeling involves identifying potential threats and assessing their impact. Describe the steps you would take to conduct this evaluation. How would you ensure that the threat modeling process is comprehensive and addresses both internal and external threats?
A
Use STRIDE methodology and involve all stakeholders
B
Conduct a SWOT analysis and use automated tools
C
Focus on external threats only and use a risk matrix
D
Review past security incidents and apply lessons learned