Shostack + Friends Blog

Posts in category "compliance"

Security Researcher Comments on HIPAA Security Rule

A group of us have urged HHS to require better handling of security reports (20 Mar 2025)

Healthcare Info Security: Podcast Episode with Marianne Kolbasuk McGee

Adam on Healthcare Info Security podcast (07 Apr 2024)

a fuzzy landscape with people reading a map

The Appsec Landscape in 2023

External changes will be driving appsec in 2023. It’s time to frame the decisions in front of you. (05 Jan 2023)

Focused colleagues brainstorming in boardroom; Photo by Anna Shvets from Pexels

How Executives Can Use Threat Modeling

You don’t have to be technical, but you can’t make informed decisions about your business without threat modeling. (18 Mar 2022)

NIST Brings Threat Modeling into the Spotlight

New at Darkreading, a post on NIST and threat modeling (23 Sep 2021)

One of the slides from Adam's RSA presentation

Using Threat Modeling to Improve Compliance (TM Thursday)

Threat model Thursday is not just back, but live again! (20 May 2021)

A PCI Threat Model

Compliance isn't Security, oh and something I wrote. (24 Sep 2020)

3 Arguments for Threat Modeling

Top 3, from Continuum (24 Apr 2019)

Incentives and Multifactor Authentication

What if we gamified security? (01 Feb 2019)

Our Favorite Content

General threat modeling posts

The Security Principles of Saltzer and Schroeder, illustrated with Star Wars

Subscribe (RSS/Mail)

RSS/ATOM: The RSS feed is here. We recommend RSS as the best way to follow this blog, and think generally RSS is the best way to take control of the information you take in. You can read our thinking here.

Email: If you’d like a lower volume set of updates on what Adam is doing, Adam’s New Thing gets only a few messages a year, guaranteed. We include a subset of posts in each.