February 02, 2007
Slidedeck of my "Threat Modeling and Information Asset Protection" presentation now available
Ok. ok. So enough of you are firing emails to me today asking for the presentation I did last night at the Vancouver TUG about information asset protection and how to use threat modeling to evaluate risk.
So here it is. I put it in a PDF format since most of you are not running Office 2007 yet to read my PPTX anyways.
Remember, its about the information. Everything else is secondary. And if you want to grab Microsoft's Threat Analysis and Modeling tool that I showed some of you, you can download it for free here.
Posted by SilverStr at February 2, 2007 09:32 AM
Nice presentation. I like how you mentioned the need to address architecture and implementation. I've been doing threat modeling for about a year and a half and it's been well received by the application architects in our organization. We've started to do business process threat modeling to try to bring it back even farther into the process. Insecure business processes tend to manifest themselves in the software we build through "creative" architecture and development to meet the business requirements. Like you said in the presentation, the business only cares about the data, and if you can show vulnerabilities in the business process that exposes data, it helps in getting buy-in (and funding) to carry forward throughout the SDLC.
thanks for this nice presentation
I'm really interested in listing to you
when you are delivering it
I will be very thankful if you provide me with the original presentation or if you have a audio/video recorded copy