foreseeti AB- Threat modeling: The challenge in managing risk of both structural and technical vulnerabilities

No ratings

Presented at E-Crime&CyberSecurityLondon 2018 by

Companies today are experiencing and ever-increasing connectivity and complexity of infrastructure risk management. The underlying challenge today is that infrastructures are complex and interconnected, let alone the fact that a lot is run in the cloud. With the complexity of architectures increasing, the focus on technical vulnerabilities is not enough. Traditional vulnerability scanning offers insight on technical vulnerabilities but lacks the ability to prioritize what to focus on.That said, in general, there needs to be a more holistic approach to ensure that risk is managed in a proper way related to IT infrastructures. Using a combination of technical and structural vulnerabilities, being able to map large infrastructures in a scalable way, needs to be combined with a probabilistic approach in threat modeling, which enables organizations to focus on true risk instead of theoretical risk on a technical level.Taking this further, and being able to focus on true business risk, requires a new approach. At the Royal institute of technology, extensive research has been conducted in threat modeling and the probability of a certain set of parameters to be exploited to get access to an infrastructure. Join this seminar to learn the latest of research on threat modeling from both academia and the corporate world.What attendees will learn:Distinction between technical and structural vulnerabilitiesHow to address the challenges in scaling traditional risk assessments and threat modeling of complex IT infrastructures with objective fact-based dataUsing research findings to perform threat modeling on large corporate IT infrastructuresHow to use threat modeling in the design process of IT infrastructures