As we develop content for a software release we writers go through a threat modeling exercise to identify what the threats are against a technology and how those threats can be mitigated either through the design of the feature, a certain setting modification, or through education and infrastructure design. However, our process is only a small portion of what we expect IT professionals to be engaged in as they work on deploying and supporting different technologies in an organization.
Various groups at Microsoft have put out resources to help IT professionals and developers that are engaged in threat modeling. If you are such a person, or think you might be soon, take a look at the following resources:
- Microsoft Application Threat Modeling Blog
- IT Infrastructure Threat Modeling Guide
- Microsoft SDL Threat Modeling Tool 3.0 (Download)
Remember that old caveat, “You can’t secure against threats you don’t know about”, and happy threat modeling!