How do you define and measure the value of Threat Modeling?

Why

In most organisations we need to justify the time we spend on tasks. In order to get the budget / approval to do threat modeling we should be able to show the value of threat modeling. Instead of re-iterating standard reasons we would like to define a number of things we can measure to show the value of threat modeling.

What

• How can we define value of threat modeling?
• How can we measure the effect of threat modeling?
• How can we measure the value / impact / monetary savings / … by protecting our achitecture?

Outcomes

A general consensus describing how the value of threat modeling can be defined and if possible measured.

Register as participant

To register as participant add How do you define and measure the value of Threat Modeling? to either:

1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
2. or the participants metadata field from this git session page