The article defines the concept of threat model. Described a list of current security guidelines for the development and administration of web systems. Formed the list of cybersecurity threats, the consequences of their implementation are determined. Described the process of forming a model of cybersecurity threats of web systems. Defined the list of threats based on the recommendations and experience of authoritative organizations in the world and Ukraine. Defined the concepts of risk, risk index and risk status for the security of web systems. Defined the main principles of risk management in software development projects.
A Tool Framework for Deriving the Application Architecture for Global Software Development Projects