Monday, May 16, 2016 at 11:04am and last updated
Thursday, June 16, 2016 at 9:14am.
OWASP: Add TAL, improve a threat model!
Plenty of visitor parking on site. Once inside, come to suite 700. WebMD will be providing pizza for attendees!
Description
Add TAL, improve a threat model!
To improve your (threat) modeling career, you need a better (threat) agent (library)! Threat modeling is a process for capturing, organizing, and analyzing the security of a system based on the perspective of a threat agent. Threat modeling enables informed decision-making about application security risk. In addition to producing a model, typical threat modeling efforts also produce a prioritized list of security improvements to the concept, requirements, design, or implementation. In 2009, OWASP posted wiki pages on threat modeling. Although there was the start of a section on threat agents, it has yet to be completed.
Intel developed a unique standardized threat agent library (TAL) that provides a consistent, up-to-date reference describing the human agents that pose threats to IT systems and other information assets. Instead of picking threat agents based on vendor recommendations and space requirements in PowerPoint, the TAL is repeatable, yet flexible enough for a range of risk assessment uses. We will cover the TAL, the Threat Agent Risk Assessment (TARA), and how they can be used to improve threat modeling.
Speaker
Eric Jernigan
Information Security Architect
Umpqua Bank
Eric Jernigan is an Information Security Architect at Umpqua Bank and focuses on risk assessment, secure project support, information security governance, and security awareness. Prior to this, he served as an information security manager and adjunct instructor at PCC. He has also served as an active duty Information Warfare Analyst in the Air National Guard in support of NORTHCOM/NORAD. He has almost twenty years of intelligence, counter-terrorism, information warfare, information security, and compliance experience. His current professional certifications include CISM, CRISC, and CISSP, so love him. A staunch privacy advocate, he hates Facebook.
The Open Web Application Security Project (OWASP) is a 501(c)(3) not-for-profit worldwide charitable organization focused on improving the security of application software. To receive future meeting notes and to discuss security topics with local gurus, sign up on the OWASP Portland mailing list: https://lists.owasp.org/mailman/listinfo/owasp-portland
Meetings are free and open to the public.