Threat Modelling and Black Swans - Predicting the unpredictable by thinking like an attacker presented at BSidesManchester 2019

by Nick Dunn

Summary: Threat modelling is a useful tool for improving the security of a system at design time and for developing effective test plans. Unfortunately, it's very common for threat models to concentrate heavily on technical attacks and what are traditionally accepted as common attack types, while avoiding social engineering, physical and other more unusual or less technical attacks. This often results in limited test coverage or a failure to anticipate the full range of threats. This talk will explain a methodology for building threat models that combine typical technical threats with unexpected 'Black Swan' events, using real-world examples to illustrate the process.