The purpose of is to manage our thoughts, feelings, and actions so we can get our writing done.
If humans are in a constant state of personal disappointment over their writing, can you image the anxiety a cat feels?
Then I don’t have to worry about the outcome of my stories.
From now on, when I dictate my stories to my typist, I will take Elkins’s advice, and tell myself my writing will be crap.
Until then, a company can build a custom process based on the following guidelines.
As you can see, there are a lot of steps that can be taken to integrate security at different stages in the SDLC.
After all, every step -- however small -- is a step forward in securing your application.
Some other links to check out to find more details on some of the individual topics mentioned here: Data classification * case *Threat modeling enhanced with misuse cases * Initial Industrial Experience of Misuse Cases in Trade-Off Analysis * Capturing Security Requirements through Misuse Cases(PDF) Security patterns *Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management -- Chapter 8 * Security Patterns for J2EE Applications, Web Services, Identity Management, and Service Provisioning Threat modeling * Threat Modeling (Microsoft Professional) (Book) ------------------------------- About the author: Anurag Agarwal, CISSP, works for a leading software solutions provider where he addresses different aspects of application security.
For the most part, however, companies lack guidance or even information from which they can learn or use as a guideline.