Thursday, December 8, 2022 with Kenneth Crowther (8AM-12PM)
Threat modeling is becoming an increasingly important part of cost-effective system design and implementation. It traces how data moves across a system in order to identify security and privacy concerns that mitigations can then target. The practice is useful in cybersecurity, product security, supply chain security, and related areas, and it helps you tailor risk management to your design, development, testing, and post-deployment activities so that you obtain the best security possible at the lowest cost. The workshop will cover: system discovery; construction of data flow diagrams; use of STRIDE, CWE, CAPEC, ATT&CK and other tools to identify threat susceptibilities; prioritization methods for threat susceptibilities to select controls and mitigations; and principles and processes for fitting threat modeling into your activities. While the focus will be on new product/system creation, the principles apply to all digital systems.