learning objectives:
* explain why "security is risk management"
* describe the process (and subprocesses) of risk analysis / threat modeling
* [apply risk analysis / threat modeling to a software project]

activities:
* Read SSBSI 5: Architectural Risk Analysis
* Read about STRIDE and DREAD
  - https://en.wikipedia.org/wiki/STRIDE_(security)
  - https://en.wikipedia.org/wiki/DREAD_(risk_assessment_model)
* Read Planning Poker or How to avoid analysis paralysis while release planning
  - https://sewiki.iai.uni-bonn.de/_media/teaching/labs/xp/2005a/doc.planningpoker-v1.pdf
* Read Protection Poker: The New Software Security "Game"
  - https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5432145&tag=1
* Play Protection Poker with your project team
  - https://collaboration.csc.ncsu.edu/laurie/Security/ProtectionPoker/

extra:
* watch and review any software risk analysis or threat modeling video
  - post title, link, review on Piazza

assignments:
* None