VF2018: Security Starts with Risk Assessment and Threat Modelling

Conference: Verification Futures 2018 (click here to see full programme)
Speaker: Duncan Purves (Director), 2 Insight Ltd
Presentation Title: Security Starts with Risk Assessment and Threat Modelling
Abstract: It is very expensive and damaging to your reputation to incorporate security after the event– just ask Equifax and Uber!  You need to evaluate the risk and incorporate security at the Requirement and Design Phase.

It is not feasible to eliminate all risk from a system. Security investments are balanced against the effect of undesirable outcomes. Balancing must be grounded in a realistic assessment of the threats, the risks they pose and how they might prevent the system from fulfilling its intended functions. Costs must be evaluated and a rational selection of implementation choices made to deliver an acceptable return on investment.

Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.

This talk will provide examples of Internet of Things hacks, an overview of the Risk Assessment process, IoT Attack Surface and Vectors and the tools that you can use to undertake your Threat Analysis which can assist you in developing your test plans.

  • You need to evaluate the risk and incorporate security at the Requirement and Design Phase.
  • Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.
  • Use risk and threat analysis to: understand the risks; define your security design requirements; mitigate the threats and assist you in developing your test plans.
Speaker Bio: Duncan is a technology consultant with over 25 years’ experience working in the IT, Telecommunications, Internet of Things (IoT), Mobile and the Wireless Data industries for leading companies (IBM, Vodafone, Motorola, BellSouth, Northern Telecom). Duncan is a Founder of the Internet of Things Thames Valley Meetup Group and has engineering management experience in the Defence & Space industry; working for companies involved in ‘state of the art’ microwave, electronic component and system design, development and manufacture.