Explore the critical role of Information Security Risk Assessment (ISRA) in software product development through this insightful 56-minute conference talk from LASCON 2017. Gain practical knowledge on implementing ISRA, focusing on products handling sensitive data. Discover effective methods, practical tips, and valuable lessons learned from a practitioner's perspective. Learn to identify potential risks, assess vulnerabilities, determine risk levels, and develop mitigation strategies. Understand the importance of knowing your product, evaluating risks, acquiring domain knowledge, and adapting to changes. Apply these insights to enhance your software development process and protect against potential security threats.
Information Security Risk Assessment - Lessons from the Front Lines
Overview
Syllabus
Introduction
About Karen Lu
Context
Security Objectives
Identify Potential Risks
Identify Vulnerabilities
Risk Level
Probability
Risk Management
Mitigation
Security Process
Know your product
Evaluate your risks
Have enough domain knowledge
Things always change
Brainstorm
Taught by
LASCON
