Introducing Systems Thinking as a Framework for Teaching and Assessing Threat Modeling Competency

arXiv:2404.16632v1 Announce Type: new
Abstract: Computing systems face diverse and substantial cybersecurity threats. To mitigate these cybersecurity threats, software engineers need to be competent in the skill of threat modeling. In industry and academia, there are many frameworks for teaching threat modeling, but our analysis of these frameworks suggests that (1) these approaches tend to be focused on component-level analysis rather than educating students to reason holistically about a system's cybersecurity, and (2) there is no rubric for assessing a …

academia analysis arxiv competency computing cs.cr cs.se cybersecurity cybersecurity threats engineers framework frameworks industry modeling software software engineers systems systems thinking teaching thinking threat threat modeling threats