Beyond obligations linked to compliance and contracts, many businesses also establish internal IT security goals. They might seek to configure access controls based on the principle of least privilege, for example, or enforce zero-trust policies on their networks.
Threat modeling can help put these policies into practice by allowing organizations to identify where their risks actually lie. Viewed from this perspective, threat modeling serves as a practice that italy whatsapp number data the IT organization as a whole can embrace because it helps achieve larger goals – namely, those related to internal governance and security strategy.
Leverage Chargebacks
Finding the budget to fund threat modeling can be challenging, especially because, again, the cost involves more than just purchasing a tool. You also have to account for the staff time that goes into creating and maintaining threat models.
Chargebacks can help. Using chargebacks, business leaders can effectively give contributors “credit” for helping with threat modeling initiatives. This creates an incentive for departments from across the organization to contribute to threat modeling, even if it’s not formally part of their jobs. It also helps provide visibility into the cost of threat modeling and makes it easier to budget adequately for threat modeling initiatives.