In threat modeling, which step follows 'Identify security objectives'?
Application overview
Identify vulnerabilities
Identify threats
Decompose the application
The correct answer is: Application overview
In threat modeling, the step that follows 'Identify security objectives' establishes a clear understanding of the application being analyzed: the application overview. Assessing security concerns effectively requires understanding the application's architectural design, components, data flows, and interactions. With that overview, security professionals can see how the elements of the application are interconnected, which helps pinpoint potential vulnerabilities or threats later in the process. This foundational step lays the groundwork for more detailed assessments and keeps the analysis contextual and relevant to the specific application and its objectives. It supports subsequent activities such as threat identification and vulnerability assessment by providing essential insight into the system's functionality and environment.