CDPSE · Question #118
When is the BEST time during the secure development life cycle to perform privacy threat modeling?
The correct answer is B. Early in the design phase. Privacy threat modeling identifies how personal data could be misused, exposed, or improperly collected within a system. Performing it early in the design phase (B) is optimal because design decisions-data flows, storage choices, access controls, third-party integrations-are stil
Question
When is the BEST time during the secure development life cycle to perform privacy threat modeling?
Options
- AWhen identifying business requirements
- BEarly in the design phase
- CDuring functional verification testing
- DPrior to the production release
How the community answered
(37 responses)- B95% (35)
- C3% (1)
- D3% (1)
Explanation
Privacy threat modeling identifies how personal data could be misused, exposed, or improperly collected within a system. Performing it early in the design phase (B) is optimal because design decisions-data flows, storage choices, access controls, third-party integrations-are still being made. Threats identified at this stage can be mitigated through design changes at the lowest possible cost. Performing it during business requirements gathering (A) is too early because the system design context needed to identify concrete threats does not yet exist. During functional testing (C) or just before production release (D) are far too late-by then, redesign is costly and disruptive, and many privacy risks will already be baked into the architecture.
Topics
Community Discussion
No community discussion yet for this question.