Security Stories are negative “what if” scenarios written from an attacker’s viewpoint, capturing how someone might exploit a system and what the design must do to stop them. Adding them to the requirements backlog lets agile teams handle security risks as part of normal development rather than during a late audit or after a breach.
They map closely onto ITIL (Version 5), supporting risk management, quality, and warranty, and they do most of their work in the design stage of the Product and Service Lifecycle, where building security in costs far less than retrofitting it later.
Read more in my ITSM.Tools article:
https://itsm.tools/security-stories-itil-v5-agile-service-design/

