Over on the Solution Accelerators Security Blog is a post and link to the IT Infrastructure Threat Modeling Guide.

From the guide:

The IT Infrastructure Threat Modeling Guide provides an easy-to-understand method for developing threat models that can help prioritize investments in IT infrastructure security. This guide describes and considers the extensive methodology that exists for Microsoft Security Development Lifecycle (SDL) threat modeling and uses it to establish a threat modeling process for IT infrastructure.

This is one example of what I think will be a growing trend where the lines between infrastructure and development will be blurred. This is a positive as there are a substantial number of best practices in both disciplines that can be shared. A structured approach to threat modeling is a prime example.

Bookmark and Share