GrrCon posted video of my 2013 talk. My talk is kicking off a collaboration with #misec to create a threat modeling methodology. We held our first working session on 10/26. The next steps include talks at BSides Jackson (Mark Kikta), at next week’s #misec meeting (Steven Fox and me), and next month’s ISSA meeting (Mark and me). A formal threat modeling workshop will be held in Q1 2014. Stay tuned for more.
GrrCON 2013- Beautiful Models – J Wolfgang Goerlich
http://www.youtube.com/watch?v=82_lYv5CDy8
We need beautiful models. Models attract and hold your attention. They excite you. They prompt action. And action, excitement, and focus is exactly what is needed to defend IT. By models, of course, we mean threat models. Intricate and beautiful, a good threat model tells a story. It indicates what we are protecting and where the attacks may come from. Done right, modelling highlights both the strengths and weaknesses of our IT. It becomes a means for strengthening and focusing our efforts. We need beautiful models to see what is and what could be.
This session will explore threat modeling as part of the secure development lifecycle. A case study will be presented. The stories are real and only the names have been changed to protect the innocent. Beautiful Models answers the question: what is it that makes a threat model beautiful and actionable?
Posted by