Global Information Services Company
The company is a global information services organization based in Europe with more than 10,000 employees. The company had been manually threat modeling but sought to implement a threat modeling solution for scalability, collaboration, and to meet FDA and EU regulations required for their medical software solutions.
Challenges
- Current manual threat modeling process was cumbersome and required specialized knowledge
- Limitations on hours dedicated to threat modeling in addition to turnover and having to train new employees
- Navigating current and future FDA and EU regulations for threat modeling medical devices
Solution
- Implementation of 20+ threat models
- Integration into existing technologies Jira and Microsoft Team Foundation Server (TFS)
Benefits
- Threat modeling is now a requirement in the SDLC
- Increased interest and collaboration among architects and developers of all levels using the tool - champions are now assigned to threat model with new champions being added yearly
- Currently meeting all regulatory requirements with threat modeling with the expectation to meet additional standards in 2024 and beyond
- Decreased time to create a threat model - from weeks to days
