Brad Andrews, CISSP, CSSLP North Texas Cyber Security Conference 2015.

• Long time in the tech field
• Wide range of jobs – Defense, Online, Banking, Airlines, Dot-Com, Medical, etc.
• 20+ Years software development experience
• 10+ in Information Security
• M.S. and B.S. in Computer Science from the University of Illinois
• Active Certifications – CISSP, CSSLP, CISM

• Work for one of the largest providers of pharmacy software and services in the country
• Serve as Lead Faculty-Area Chair for Information Systems Security for the University of Phoenix Online Campus
• Carry out independent reading and research for my own company, RBA Communications

The views and opinions expressed in this session are mine and mine alone. They do not necessarily represent the opinions of my employers or anyone associated with anything!

• Part 1 – Threat Modeling Overview
• Part 2 – Applying STRIDE to a System
• Part 3 – Applying DREAD to a System

• A way to evaluate and rank risks
• Evaluate each risk / threat for:
  • Damage
  • Reproducibility
  • Exploitability
  • Affected Users
  • Discoverability
• Details from

How much damage if it happens?
• 0 – None
• 5 – Individual User Data
• 10 – Complete System Destruction

How easy is it to reproduce?
• 0 – Almost Impossible
• 5 – One or Two Steps / Authorized User
• 10 – Web Browser and Address – No Auth

What is needed to exploit the threat?
• 0 – Advanced Knowledge and Skills
• 5 – Malware Exists on Internet or Easy Exploit
• 10 – Only a Web Browser

How many users will be impacted?
• 0 – None
• 5 – Some Users, But Not All
• 10 – All Users

How easy to discover?
• 0 – Advanced Knowledge and Skills
• 5 – Easy to Guess or Find by Monitoring
• 9 – Details of Fault Public
• 10 – Details in URL
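The five rating scales above can be turned into a ranking, shown here as an added example that is not part of the original slides. The slides do not say how the five ratings are combined, so the common convention of averaging them is assumed; the function names and the three sample threats are constructed for illustration.

```python
from dataclasses import dataclass

# The five DREAD categories, in the order the slides present them.
CATEGORIES = ("damage", "reproducibility", "exploitability",
              "affected_users", "discoverability")

@dataclass(frozen=True)
class Threat:
    name: str
    ratings: dict  # category name -> integer rating on the 0-10 scale

def validate(threat):
    """Reject incomplete or out-of-range ratings before they skew a ranking."""
    if set(threat.ratings) != set(CATEGORIES):
        raise ValueError(f"{threat.name}: need exactly {CATEGORIES}")
    for cat, value in threat.ratings.items():
        if type(value) is not int or not 0 <= value <= 10:
            raise ValueError(f"{threat.name}: {cat}={value!r} is not 0-10")

def dread_score(threat):
    """Assumed combination rule: mean of the five ratings."""
    validate(threat)
    return sum(threat.ratings[c] for c in CATEGORIES) / len(CATEGORIES)

def top_drivers(threat):
    """Categories holding the highest rating: where mitigation helps most."""
    validate(threat)
    peak = max(threat.ratings.values())
    return [c for c in CATEGORIES if threat.ratings[c] == peak]

def rank(threats):
    """Highest score first; ties broken by name so output is stable."""
    return sorted(threats, key=lambda t: (-dread_score(t), t.name))

# Constructed sample threats, rated against the anchor points on the slides.
SAMPLE = [
    Threat("Record ID in URL shows another user's data",
           dict(damage=5, reproducibility=5, exploitability=10,
                affected_users=5, discoverability=10)),
    Threat("Insider destroys primary and backup systems",
           dict(damage=10, reproducibility=0, exploitability=0,
                affected_users=10, discoverability=0)),
    Threat("Session identifier guessable by monitoring traffic",
           dict(damage=5, reproducibility=5, exploitability=5,
                affected_users=5, discoverability=5)),
]

if __name__ == "__main__":
    for t in rank(SAMPLE):
        print(f"{dread_score(t):4.1f}  {t.name}  drivers={top_drivers(t)}")
```

The insider threat has the highest Damage rating but ranks last, because the low Reproducibility, Exploitability and Discoverability ratings pull its average down; `top_drivers` shows which categories account for each score.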

• Be Involved
• Don’t Monopolize
• Work Together

• Pick values for the risks from the previous sessions