Example: creating a practice in a large organization
Let’s take the example of a multinational technology corporation called GlobalTech with operations across 45 countries, employing over 85,000 people. The company operates in multiple sectors, including cloud services, enterprise software, IoT devices, and financial technology solutions. With annual revenue exceeding $12 billion, GlobalTech serves both enterprise customers and consumers through various digital platforms and physical products.
However, there are fragmented security practices across the different business units, reactive vulnerability management, and limited visibility into the enterprise-wide threat landscape. Worse, recent security incidents highlight gaps in proactive threat identification. The organization has decided that addressing its threat and attack surface will require a coordinated effort.
The CISO of GlobalTech decided to build a business case for establishing a threat modeling practice...
