A security architect is leading a team through a threat modeling exercise for a new cloud-based healthcare application. Which approach would BEST ensure that all critical vulnerabilities are identified early in the development lifecycle?
Assign threat identification to technical security staff
Document threats after the application architecture is finalized
Apply threat modeling with input from diverse team members
Focus on prior breach patterns in healthcare applications
Applying threat modeling with input from diverse team members is the most effective approach: a structured methodology provides a comprehensive framework covering the key threat categories (such as authentication bypass, data tampering, and service disruption), while diverse perspectives surface threats that any single discipline might miss. STRIDE is a well-known threat modeling methodology that addresses Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege. Documenting threats only after the architecture is finalized introduces security too late in development. Focusing on prior breach patterns may miss new or application-specific threats. Having only technical security staff perform threat identification excludes valuable perspectives from other stakeholders who understand different aspects of the system.
ISC2 CISSP
Security Architecture and Engineering