Sorry, not available in this language yet
Intelligence includes those practices that result in collections of corporate knowledge used in carrying out activities throughout the organization. Collections include both proactive security guidance and organizational threat modeling.
Attack Models capture information used to think like an attacker: threat modeling, abuse case development and refinement, data classification, and technology-specific attack patterns.
Learn moreThe Security Features & Design practice is charged with creating usable security patterns for major security controls (meeting the standards defined in the Standards & Requirements practice), building middleware frameworks for those controls, and creating and publishing proactive security guidance.
Learn moreThe Standards & Requirements practice involves eliciting explicit security requirements from the organization, determining which COTS to recommend, building standards for major security controls (such as authentication, input validation, and so on), creating security standards for technologies in use, and creating a standards review board.
Learn more