security-doc/security-threat-analysis/source/objectives.rst

Objectives for Security Threat Analysis

We assert that after a Threat Analysis we:

• Know all entry points into a system
• Know what assets are at risk
• Know where data is persisted
• Understand how data travels between components of the system
• Understand data formats and transformations
• Document external dependencies
• Identified who we are (and are not) protecting against
• Understand the impact of degrading controls
• Have a list of agreed defects