Threat modeling expert Adam Shostack stresses the importance of running a tabletop exercise for incident response. He says the thing that I see failing when people do a tabletop exercise is they fail to bring the responsible parties into the exercise, he adds. He’s a member of the BlackHat Review Board and helped create the CVE, Common Vulnerabilities and Exposures. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the “Elevation of Privilege” game.”]
Source: https://www.databreachtoday.com/threat-modeling-for-social-issues-a-15854