1778580 - Evolving Threat Modeling for Agility and Business Value

Oct 20, 2021 10:45am ‐ Oct 20, 2021 12:00pm

Overview
Comments

Many threat modeling approaches exist with new techniques and tools to perform the same activity for different scenarios. However, methodologies like DevSecOps pose a huge challenge for threat modelers in incorporating the demands of different teams including scaling and quality issues and in successfully demonstrating business value. This requires moving away from traditional practices to fit DevSecOps needs. After an elaborative study, we introduce a Maturity Model for Threat Modeling, focused on how it can be integrated with the enterprise. You will witness threat modeling as a central tool for security risk management, how various functions in the enterprise can be involved to address risk and finally preparing organizations to experience the right outcome for recommended tool categories at every maturity level.

Learning Objectives:

Address the challenges in traditional threat models to suit DevSecOps methodology.
Describe a maturity model to prepare organizations for the right levels of threats.
Recommend the right tool categories for every maturity level.

Speaker(s):

Simone Curzi, Principal Consultant, Cyber, Microsoft
Dr. Jack Freund, PhD, VP, Head of Cyber Risk Methodology, Bitsight
Arun Prabhakar, Security Consultant, Security Compass
Altaz Valani, Director of Insights Research, Security Compass
Hasan Yasar, Technical Director, Adjunct Faculty Member, SEI, Carnegie Mellon University

Tags:

Intermediate

You must be logged in and own this session in order to post comments.