UKHomeOffice / engineering-guidance-and-standards

Engineering Guidance and Standards for the Home Office
https://engineering.homeoffice.gov.uk
MIT License

Create a 'Threat modelling' pattern #255

Closed edhamiltonHO closed 1 year ago

edhamiltonHO commented 1 year ago

What is the pattern you are suggesting?

Some loose guidance on what threat modelling is, and how it can be incorporated into software design.

From OWASP - Threat modeling is a family of activities for improving security by identifying threats, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. A threat is a potential or actual undesirable event that may be malicious (such as DoS attack) or incidental (failure of a Storage Device). Threat modeling is a planned activity for identifying and assessing application threats and vulnerabilities.

What would be the benefit to the Home Office of following this pattern?

Teams would have direction on a process they can use to identify threats and then design mitigations for them. This would increase visibility of threats to our systems and inform proportionate security. This would then enable more threats and risks to be mitigated.

Threat modelling is a known technique that supports our engineering principles of zero trust and proportionate security.

How do people implement this pattern?

There are a number of different approaches to threat modelling. Even basic ones provide significant benefits. This pattern will point teams to approaches they can use.

Additional information

Add any other information you think would be useful here