Chris to present at COSAC 2014

Chris will be presenting two sessions at COSAC 2014 and the SABSA World Congress, held in Ireland between 28 September and 2 October 2014. Visit the COSAC website here for more information.

In his first presentation, Reducing the Unknown Unknowns: Using SABSA to Improve Threat Modelling & Risk Assessment, Chris will explore how threat modelling and risk assessment can be improved to reduce the number of “unknown unknowns”. It will cover a range of topics including:

• Presenting the relationship between the identified risks and the business opportunities, goals and objectives.

• Techniques commonly used to identify threats and their relative strengths and weaknesses.

• Approaches to improving the quality and repeatability of threat modelling and risk assessment.

• Using SABSA methodologies and techniques to improve threat modelling and risk assessment.

In his second session, The Theory & Practice of Using SABSA, he will present a model developed to apply the SABSA framework, methodologies and techniques in a practical way to complete the Strategy & Planning phase of the SABSA Enterprise Security Architecture Lifecycle, and present a real-world example of its application to:

• Establish clear accountabilities and responsibilities for information security to ensure that it is considered and addressed at each stage in the lifecycle of a business capability;

• Establish the security services and capabilities required to maximise the opportunities associated with the business capabilities whilst minimising the information security risks;

• Provide a consistent method for the design and implementation of security services and capabilities to reduce the costs and operational complexity by enabling reuse, minimising the implementation of siloed point solutions; and

• Provide on-going assurance that its information security risks are being effectively managed by demonstrating that security services and capabilities have been implemented as designed and remain effective during their operational lifespan.