Skip to main content
ISC2 Security Congress 2024 Main banner
 
Icon Legend
Additional Fee Required
Additional Fee Required
Pre-Registration Required
Pre-Registration Required
Online & Virtual
Online & Virtual
Onsite Only
Onsite Only
Earn CPE Credits
Earn CPE Credits
Livestreamed Session
Livestreamed Session
Included in Guest Pass
Included in Guest Pass
Invite Only
Invite Only
Session Recorded
Session Recorded
Student Experience
Student Experience
Back

On-Site and Virtual

Security Operations & Network Security

Informing Risk-Aware Decisions With Threat Modelling

Tuesday, October 15, 2024
4:30pm – 5:30pm PT
Location: Roman I
CPE Credits 1
Session Recorded Earn CPE Credits Livestreamed Session Online & Virtual

    Speaker(s)

  • Edward Farrell, CISSP SSCP

    CEO, Director, Principal Consultant
    Mercury Information Security Services
    Australian Defence Force Academy, Australia

The purpose of this talk is to provide an overview of tools, techniques and processes to conduct threat modeling. Whether it's a whole organization or specific project, the role of threat modelling is to provide clarity around stakeholders' risk appetite and prioritization. Structured threat models have been available and widespread. However, these can be hard to apply and grasp, especially in varying contexts. By understanding the concept of threat models, attendees will ensure that resources can be effectively applied to projects and that priority information requirements and sustainment are established.

Learning Objectives:

  • Understand the effectiveness and shortfalls of governance-driven approaches to security.
  • identify different threat modelling techniques and approaches, along with their strengths and limitations.
  • Learn to conduct threat modelling in your own organization, using tools techniques and methods discussed during this talk.