How do you integrate a risk-centric strategy to your menace styles and stability method? How do you convey context to cybersecurity challenges? How do you build a more powerful business menace model or software threat model?
This webinar is an introduction into a hazard-centric method to menace modeling and PASTA Danger Modeling. PASTA menace product co-creator, Tony UcedaVélez, will wander you by means of what is PASTA and how to utilize it to your own cyber security functions. We welcome all software package and software builders, architects, and protection experts to sign up for us in creating stronger risk models.
This presentation was element of the OWASP All Chapters Day 2020 as Cooking with PASTA and is also offered on their channel listed here: https://youtu.be/YFxSjiwbv4U
// Much more PASTA Sources AT VERSPRITE //
✦ Find out Far more About PASTA: https://versprite.com/protection-choices/appsec/application-threat-modeling/
✦ Down load an Excerpt From Tony’s Book on PASTA: https://versprite.com/safety-testing/possibility-dependent-danger-modeling/
✦ Blog site – Threat Types as Blueprints for Risk Intelligence, Risk Information (SOCs): https://versprite.com/web site/danger-intelligence/organizational-menace-styles/
// TIMESTAMPS //
00:00 – Welcome to Cooking with Pasta by Tony UcedaVélez
01:24 – Who is Tony UcedaVélez? Creator of PASTA Menace Modeling
02:23 – Presentation Overview
02:58 – What is the PASTA Threat Modeling Methodology? What is Software Possibility?
04:07 – A Temporary Breakdown of every of the PASTA methodology phases
08:50 – What is the System for Attack Simulation & Risk Assessment (PASTA Threat Modeling) and what is its price?
10:55 – What are some of the supporting pursuits to PASTA? Integrating present security endeavours to PASTA levels.
11:51 – Stage 1: How to determine the objectives of the business enterprise or software to create the risk model and incorporating governance and compliance.
15:42 – Phase 2: How to define the complex scope. Knowledge the software attack area and know what it is you’re preserving.
21:29 – Stage 3: How to crack down application components (decomposition). This phase maps the romantic relationship between parts and solutions, “How does this all come jointly?”.
26:27 – Stage 4: Threat Intelligence Intake & Investigation. How to rethink detection reaction applying context.
33:50 – Stage 5: Vulnerability Analysis and Weakness Examination. How to map vulnerabilities/weak point to components of the software product that assist the menace objectives.
43:10 – Stage 6: The Assault Modeling Stage. How to make threat-motivated attack designs and testing threats for viability.
50:39 – Stage 7: How to complete far more efficient residual threat assessment. Focusing on countermeasures that minimize risk to the software risk profile and in general enterprise affect.
59:59 – Q&A and Farewells
// ABOUT TONY //
Tony UcedaVélez is the co-creator of the Course of action for Attack Simulation & Threat Assessment and the CEO of VerSprite. Tony has in excess of 25 yrs of IT/InfoSec do the job throughout a vast array of industries. He is also the OWASP chief for Atlanta, GA.
Link with Tony:
✦ LinkedIn: https://www.linkedin.com/in/tonyuv/
✦ Twitter: https://twitter.com/t0nyuv
// Come across VERSPRITE’S CYBERSECURITY Staff On the internet //
✦ VerSprite: https://versprite.com/
✦ LinkedIn: https://www.linkedin.com/enterprise/versprite-llc/
✦ Twitter: https://twitter.com/versprite/
✦ YouTube: https://www.youtube.com/channel/UCpO73NdAEmRl2Z12fgoY_sw
// ABOUT VERSPRITE //
VerSprite is a leader in operational risk administration and stability advisory products and services, enabling enterprises to improve the protection of crucial belongings, guaranteeing compliance and managing chance. Our mission is to support you fully grasp and strengthen your organization’s cybersecurity posture. With cyberattacks increasing in quantity and sophistication each day, it is vital to guard your organization’s belongings, guard your consumers and to keep the very same, good name and belief you’ve worked tricky to develop. We imagine that an built-in tactic will result in improved and extra value-powerful safety procedures and much better business enterprise results all round.
✦ Take a look at our web page: https://versprite.com/
