Explore the FAIR STRIDE approach for creating business-relevant application security threat models in this 49-minute conference talk from LASCON. Learn how to bridge the gap between security engineers' risk assessments and senior leadership's perceptions by translating security impacts into monetary terms. Discover the limitations of traditional STRIDE threat modeling and how to enhance it with quantitative risk analysis methods from FAIR. Gain insights into Monte Carlo simulations, probability distributions, and integrating business impact understanding into threat models. Witness a practical demonstration of the model in action, equipping you with tools to effectively communicate security risks and drive strategic initiatives in your organization.
FAIR STRIDE - Building Business Relevant AppSec Threat Models
Overview
Syllabus
FAIR STRIDE - Building business relevant AppSec threat models - Arthur Loris
Taught by
LASCON
Related Courses
-
FAIR STRIDE - Building Business Relevant Threat Models
-
Foundations of Cyber Risk Management and FAIRâ„¢
-
Threat Modeling Cloud Services Using Crosswalk Between STRIDE Framework and CSA's CCM
-
Threat Modeling Panel - APPSEC Cali 2018
-
Adaptive Threat Modeling
-
PASTA Threat Modeling: Leveraging Incident Response and Threat Intelligence for Tactical Penetration Testing
