Our February chapter meeting is on Wednesday, February 3rd, 2015 at 5:45PM. Please RSVP if you plan on attending!
Application Threat Modeling in Risk Management
Abstract: Business and government organizations have wised up to the need for a risk-based management approach to info / cyber / <buzzword>-security. But most security risk assessment efforts get mired in excessive analysis or produce results with little substance to them. Should we be using a kill-chains approach? NIST or ISO frameworks? This presentation examines organizational impact of assets based on value and profiles threat agents from their motivations, capabilities, resources and tactics. We’ll step through using the Microsoft Threat Modeling Tool to make data-flow diagrams and gain insight into the soft spots where these threat agents can make contact, cover insider threats and draw threat profiles that make them real for management. Then we’ll show you how to pull this all together in a form that drives home your point.
Speaker biography: Mel Drews has been a security consultant to hospitals, government agencies, universities, electric utilities and financial institutions large and small all around the country. He’s used and built risk assessment tools in many teams with a wide range of capabilities. He also claims expertise in penetration testing, software security, system hardening, and audit. Mel is a SANS Institute Mentor instructor planning his next course to deliver on web application defense. He’s currently working on software security and risk assessment with a large financial services firm in Michigan.
UPDATE: Download the presentation from Mel’s site here.
Schedule
5:45-6:15PM Networking/Membership signup / Dinner
6:15-7:15PM Presentation
7:15-7:45PM Q&A
NEW LOCATION Location Information
Metro Health IT Facility
985 Gezon Parkway (across from Target loading dock)
Wyoming, MI, 49519