From helpnetsecurity.com
The traditional approaches to threat modeling can be very effective, but they don’t scale well enough in the current computing and threat landscape. As more business operations shift to digital it becomes too time consuming to tackle all of an organization’s high-priority threats, leaving too many vulnerabilities unaddressed.
How can this process be streamlined? Organizations should start by realizing that they are doing threat modeling backwards, and that they need to reverse how these models are developed.