Rapid Fire Threat Modeling presented at BSidesColumbus 2014

by Mark Kikta, Wolfgang Goerlich,

Summary : Everyone is talking about threat modeling. But when you get down to it, few are doing threat modeling. The reasons are simple: modeling can be complicated, there is conflicting information, and it is not clear what to do with the finished model. This session presents a pragmatic threat modeling exercise that can be accomplished in an afternoon. We will review how to find sources for threat models, communicating the findings, auditing and assessing the available controls, and driving change within the organization. In sum, this talk presents a practical approach to rapidly getting the most from threat modeling.