Overview
Explore the FAIR STRIDE approach for creating business-relevant application security threat models in this 49-minute conference talk from LASCON. Learn how to bridge the gap between security engineers' risk assessments and senior leadership's perceptions by translating security impacts into monetary terms. Discover the limitations of traditional STRIDE threat modeling and how to enhance it with quantitative risk analysis methods from FAIR. Gain insights into Monte Carlo simulations, probability distributions, and integrating business impact understanding into threat models. Witness a practical demonstration of the model in action, equipping you with tools to effectively communicate security risks and drive strategic initiatives in your organization.
Syllabus
FAIR STRIDE - Building business relevant AppSec threat models - Arthur Loris
Taught by
LASCON