Michael Howard,

Thanks for sharing the knowledge, written down in your article "Secure
Systems Begin with Knowing Your Threats".
As part-developer of DHM for Security Management I would like to link to
the DHM site http://www.dhm.nl
DHM for security management is a structure for taking measures (from
policy level til execution level, quality assurance included) against
unauthorized influence of corporated business. But the DHM structure can
also be used for Incident Control Management (Ic-Mgt).
The structure of Informationsecurity, based upon the Code, fits in the
DHM structure as if the were made for eachother.
Perhaps we can communicate and discuss about some rising matters.

Looking forward to your responding E-mail

Bert Duijndam RSE
Lecturer Security Management

hi bert

thanks for the comments - by any chance do you have a single whitepaper that
explains your model. i have no problem with you using any of the STRIDE material
in your work - it's all public!

but i do have one reservation. from experience, the moment you give people
a large overall design method to work to, they won't use it, unless they
are designing government, safety critical or military systems.

"Bert Duijndam" <dubre@casema.net> wrote:
>
>Michael Howard,
>
>Thanks for sharing the knowledge, written down in your article "Secure
>Systems Begin with Knowing Your Threats".
>As part-developer of DHM for Security Management I would like to link to
>the DHM site http://www.dhm.nl
>DHM for security management is a structure for taking measures (from
>policy level til execution level, quality assurance included) against
>unauthorized influence of corporated business. But the DHM structure can
>also be used for Incident Control Management (Ic-Mgt).
>The structure of Informationsecurity, based upon the Code, fits in the
>DHM structure as if the were made for eachother.
>Perhaps we can communicate and discuss about some rising matters.
>
>Looking forward to your responding E-mail
>
>Bert Duijndam RSE
>Lecturer Security Management