Security Starts with Risk Assessment and Threat Modelling 2018-03-13T08:51:22+00:00

Verification Futures 2018

Conference: Verification Futures 2018
Speaker: Duncan Purves (Director), 2 Insight Ltd
Presentation Title: Security Starts with Risk Assessment and Threat Modelling
Abstract: It is very expensive and damaging to your reputation to incorporate security after the event – just ask Equifax and Uber! You need to evaluate the risk and incorporate security at the Requirement and Design Phase.

It is not feasible to eliminate all risk from a system. Security investments are balanced against the effect of undesirable outcomes. Balancing must be grounded in a realistic assessment of the threats, the risks they pose and how they might prevent the system from fulfilling its intended functions. Costs must be evaluated and a rational selection of implementation choices made to deliver an acceptable return on investment.

Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.

This talk will provide examples of Internet of Things hacks, an overview of the Risk Assessment process, IoT Attack Surface and Vectors, and the tools that you can use to undertake your Threat Analysis, which can assist you in developing your test plans.

  • You need to evaluate the risk and incorporate security at the Requirement and Design Phase.
  • Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.
  • Use risk and threat analysis to: understand the risks; define your security design requirements; mitigate the threats; and help develop your test plans.

Speaker Bio: Duncan is a technology consultant with over 25 years’ experience working in the IT, Telecommunications, Internet of Things (IoT), Mobile and Wireless Data industries for leading companies (IBM, Vodafone, Motorola, BellSouth, Northern Telecom). Duncan is a Founder of the Internet of Things Thames Valley Meetup Group and has engineering management experience in the Defence & Space industry, working for companies involved in ‘state of the art’ microwave, electronic component and system design, development and manufacture.