SecureS ystems Begin with Knowing Your Threats

hi bert

thanks for the comments - by any chance do you have a single whitepaper that
explains your model. i have no problem with you using any of the STRIDE material
in your work - it's all public!

but i do have one reservation. from experience, the moment you give people
a large overall design method to work to, they won't use it, unless they
are designing government, safety critical or military systems.

"Bert Duijndam" <dubre@casema.net> wrote:
>
>Michael Howard,
>
>Thanks for sharing the knowledge, written down in your article "Secure
>Systems Begin with Knowing Your Threats".
>As part-developer of DHM for Security Management I would like to link to
>the DHM site http://www.dhm.nl
>DHM for security management is a structure for taking measures (from
>policy level til execution level, quality assurance included) against
>unauthorized influence of corporated business. But the DHM structure can
>also be used for Incident Control Management (Ic-Mgt).
>The structure of Informationsecurity, based upon the Code, fits in the
>DHM structure as if the were made for eachother.
>Perhaps we can communicate and discuss about some rising matters.
>
>Looking forward to your responding E-mail
>
>Bert Duijndam RSE
>Lecturer Security Management