Threat Modeling: Designing for Security

The definitive book on threat modeling. Bruce Schneier called it the IT Security book of the year. Ross Anderson called it authoritative.
Read More > >The New School of Information Security

The age of security as pure technology is long past, and modern practitioners need to understand the social and cognitive aspects of security if they are to be successful. Shostack and Stewart teach readers exactly what they need to know--I just wish I could have had it when I first started out.
— David Mortman,
CSO-in-Residence Echelon One,
former CSO Siebel Systems