Posted by: Michael Howard, Principal Consultant, Cybersecurity
If you have followed this blog, or followed anything Microsoft has done with the Security Development Lifecycle, you’ll know that we are proponents of the benefits of threat modeling as a way to understand the risks to and potential mitigations for a system.
The computer industry is full of systems that look somewhat alike, and have similar “moving parts”; for example, banking, health care, telecommunications and so on. In the wake of high profile attacks on organizations in the retail industry, we thought developing new guidance that helps with the unique requirements and challenges of that industry could be helpful. We decided that the best way to do this was to team up cybersecurity expertise with retail expertise. We combined the security expertise of senior consultants Tim Delong, Mark Simos and myself from the Microsoft Consulting Services Cybersecurity team, with retail industry expertise of Vic Mile and Marty Ramos from Microsoft’s Retail industry vertical team. Read more