
Improving Return on Security Investment: Threat Modeling and The Open Group Open FAIR™ Risk Analysis as a KPI for Agile Projects

Link: https://blog.opengroup.org/2024/04/16/improving-return-on-security-investment-threat-modeling-and-the-open-group-open-fair-risk-analysis-as-a-kpi-for-agile-projects/?utm_source=rss&utm_medium=rss&utm_campaign=improving-return-on-security-investment-threat-modeling-and-the-open-group-open-fair-risk-analysis-as-a-kpi-for-agile-projects

The first three posts of this series have made plain the need to supplement ongoing threat modeling activities with quantitative risk analysis, such as the process described in The Open Group Open FAIR™ Body of Knowledge. They’ve briefly discussed a way to incorporate Open FAIR Risk Analysis in the threat modeling process and illustrated how the results would improve return on security investment by enabling the deliberate selection of cost-effective combinations of controls. But questions remain: