Presentation is loading. Please wait.

Presentation is loading. Please wait.

Brad Andrews, CISSP, CSSLP North Texas Cyber Security Conference 2015.

Published byRoles S Modified over 7 years ago

Similar presentations

Presentation on theme: "Brad Andrews, CISSP, CSSLP North Texas Cyber Security Conference 2015."— Presentation transcript:

1 Brad Andrews, CISSP, CSSLP North Texas Cyber Security Conference 2015

2  Long time in the tech field  Wide range of jobs – Defense, Online, Banking, Airlines, Doc-Com, Medical, etc.  20+ Years software development experience  10+ in Information Security  M.S. and B.S. in Computer Science from the University of Illinois  Active Certifications – CISSP, CSSLP, CISM

3  Work for one of the largest providers of pharmacy software and services in the country  Serve as Lead Faculty-Area Chair and for Information Systems Security for the University of Phoenix Online Campus  Carry out independent reading and research for my own company, RBA Communications

4 The views and opinions expressed in this session are mine and mine alone. They do not necessarily represent the opinions of my employers or anyone associated with anything!

5  Part 1 – Threat Modeling Overview  Part 2 – Applying STRIDE to a System  Part 3 – Applying DREAD to a System

6  A way to evaluate and rank risks  Evaluate each risk / threat for: Damage Reproducibility Exploitability Affected Users Discoverability Details from https://www.owasp.org/index.php/Threat_Risk_Modeling

7 How much damage if it happens? 0 – None, 5 - Individual User Data, 10 – Complete System Destruction

8 How easy is it to reproduce? 0 – Almost Impossible, 5 – One or Two Steps / Authorized User, 10 – Web Browser and Address – No Auth

9 What is need to exploit the threat? 0 – Advanced Knowledge and Skills, 5 – Malware Exists on Internet or Easy Exploit 10 – Only a Web Browser

10 How many users will be impacted? 0 – None, 5 – Some Users, But Not All 10 – All Users

11 How easy to discover? 0 – Advanced Knowledge and Skills, 5 – Easy to Guess or Find by Monitoring, 9 – Details of Fault Public 10 – Details in URL

12  Be Involved  Don’t Monopolize  Work Together

13  Pick values for the risks from the previous sessions

14

Download ppt "Brad Andrews, CISSP, CSSLP North Texas Cyber Security Conference 2015."

Similar presentations

Researching Physics Web-based Research. Learning objectives Evaluate websites for reliability, level and bias. Reference websites to allow another person.

Researching Physics Web-based Research. Learning objectives Evaluate websites for reliability, level and bias. Reference websites to allow another person.
Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.

Lesson Title: Threat Modeling Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas 1 This.
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Bridging the gap between software developers and auditors.

Bridging the gap between software developers and auditors.
The development of Internet A cow was lost in Jan 14th 2003. If you know where it is, please contact with me. My QQ number is 87881405. QQ is one of the.

The development of Internet A cow was lost in Jan 14th If you know where it is, please contact with me. My QQ number is QQ is one of the.
© 2003 Turoff 1 The Nature of Information Systems and Employment in IS Murray Turoff Information Systems Department.

© 2003 Turoff 1 The Nature of Information Systems and Employment in IS Murray Turoff Information Systems Department.
Roles of IT Personnel Unit 4520. Customer Service This is a facility that helps customers with wide-ranging questions relating to a specific company,

Roles of IT Personnel Unit Customer Service This is a facility that helps customers with wide-ranging questions relating to a specific company,
Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!

Internet Security PA Turnpike Commission. Internet Security Practices, rule #1: Be distrustful when using the Internet!
Security Warnings TROPE: Teachers’ Resources for Online Privacy Education www.teachingprivacy.org 1.

Security Warnings TROPE: Teachers’ Resources for Online Privacy Education 1.
Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.

Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.
 An Overview of IE 4382/5382 Cybersecurity for Information Systems Susan D. Urban, Ph.D Department of Industrial Engineering Texas Tech University Lubbock,

 An Overview of IE 4382/5382 Cybersecurity for Information Systems Susan D. Urban, Ph.D Department of Industrial Engineering Texas Tech University Lubbock,
Safe Computing Outreach Joseph Howard Undergraduate Research Assistant 05/01/2015 Disclaimer: This research was supported by the National Science Foundation.

Safe Computing Outreach Joseph Howard Undergraduate Research Assistant 05/01/2015 Disclaimer: This research was supported by the National Science Foundation.
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.

Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
Agenda Last class: Internet Literacy Lab Today: Internet Safety.

Agenda Last class: Internet Literacy Lab Today: Internet Safety.
Review of Lesson One Material Email From Start To Finish Review.

Review of Lesson One Material From Start To Finish Review.
CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.

CHAPTER 14 Viruses, Trojan Horses and Worms. INTRODUCTION Viruses, Trojan Horses and worm are malicious programs that can cause damage to information.
Social impacts of IT Mohammed Mustafa. Local community Developments in IT have led to people shopping online and taking away the community spirit. For.

Social impacts of IT Mohammed Mustafa. Local community Developments in IT have led to people shopping online and taking away the community spirit. For.
Networks.

Networks.
Center for Cybersecurity Research and Education (CCRE)

Center for Cybersecurity Research and Education (CCRE)
David Brookins Katherine Galang Earron Twitty CSCE 590.

David Brookins Katherine Galang Earron Twitty CSCE 590.

Similar presentations

Ads by Google