0      0

SECURE North America | 2022

SNAA2208 - Attack Tree-based Threat Modeling - Assessing & Mitigating Risk in an Objective Way


Jun 15, 2022 1:50pm ‐ Jun 15, 2022 2:50pm


Description

Most cybersecurity technologies deal with the past (logs, forensics) or the present (network monitoring, intrusion detection, anti-virus). Although necessary, these approaches are inherently reactive. Attack tree-based threat risk analysis deals with the future. Customers working in critical defense and aerospace applications have long used attack tree analysis to ensure that their systems' architectures will withstand both present day and future attacks. In the attack tree analysis process, the analyst builds a graphical, mathematical model of the system they wish to protect, and descriptions of the system's adversaries. Analysis reveals the attacks the adversaries are most likely to use and the best countermeasures. It is especially applicable to industrial control system (ICS) security and an ICS example will be presented.

Learning Objectives:
  • Attendees will learn how attack tree models can help them identify and prioritize the controls that will be most beneficial for their systems.
  • Discover how attack tree models can predict how their system is most likely to be attacked.

Speaker(s):

You must be logged in and own this session in order to post comments.