CMGT 433 Wk 2 Discussion – Threat Modeling

Post a total of 3 substantive responses over 2 separate days for full participation. This includes your initial post and 2 replies to other students.

Due Thursday

Respond to the following in a minimum of 175 words:

The SDLC (software/system development life cycle) framework, where security is often addressed only during the testing phase, is sometimes used by organizations. However, that practice has many flaws, especially the failure to identify threats and/or vulnerabilities because testing is done so late in the framework.

How can you include threat modeling within your SSDLC? At what points of the lifecycle would you include threats? Why would you do it then instead of another phase?

Due Monday

Reply to at least 2 of your classmates. Be constructive and professional in your responses.