Jump to: navigation, search

Security/Threat Analysis/process

< Security‎ | Threat Analysis
Revision as of 08:42, 5 June 2014 by Shohel (talk | contribs) (Threat Analysis Process)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

OpenStack Threat Modelling Process

Security Threat Modelling in OpenStack

Initiation

At the beginning a new 'Threat Manager' ( one responsible for overall management of the work) for each OpenStack project is selected.

Decomposition Into Component

'Threat Manager' performs initial analysis about the target project, do component break down of the project, gather information about the developers / reviewers relevant to that component. In this phase, 'Threat Manager' communicates the ongoing activity to the target project's core developers.

Draft threat Report For each component

'Threat Manager' or an assigned security analyst together with a relevant core developer/s of a project analyses each component ( DFD, Security assumptions, assest identification) and identify possible threats / security weakness in the target component.

Retrieved from "https://wiki.openstack.org/w/index.php?title=Security/Threat_Analysis/process&oldid=54959"