Secure360

Behavioral Threat Modeling

Information Security is failing to defend our assets because we’ve been distracted by possible risks (unknown unknowns) and are wasting resources as a result. Even experts perform little better than random chance at prediction, so we need to stop trying to prevent what we can’t predict. By focusing on threats (known unknowns), we can adapt our defenses to the likely attacks, and more efficiently reduce our risk exposure.

Research conducted by the Secret Service demonstrated that while malicious threats don’t fit a common profile, they exhibit common attack behaviors. The Verizon DBIR will be used to show how security incident data can be used to build a model of attackers based on their behaviors, which can be used to design more effective defenses, and adapt over time as threats change tactics. Behavioral threat models can help focus our limited resources, determine which controls work (some for the right reasons, some not), which controls don’t, and maximize the value of your security investment.

Past and current threat modeling approaches, including STRIDE, will be discussed and compared to Behavioral Threat Modeling.

Key learning points:
  • Current research on targeted and insider threats
  • Effectively model threats by systematically documenting threat behaviors
  • Use threat models to evaluate the effectiveness of security designs

About John Benninghoff

JOHN BENNINGHOFF is a long-time student and practitioner of managing information risk. He currently leads the Application Security team at Express Scripts, integrating security into the company’s emerging DevOps practice through better quality engineering. His 20-year career in Information Security includes diverse experience in financial services, retail, and government: building a Network IDS and a vulnerability management platform using open-source software, leading security incident response, identity and access management, policy & standards, security architecture, and many compliance initiatives. He is currently pursuing a Masters of Science in Managing Risk and Systems Change at the School of Psychology of Trinity College Dublin (online), with the goal of adapting safety science to information technology in the emerging field of resilience engineering.

Details

Tuesday May 14, 2013
1:00 PM - 2:00 PM
Room 6
Level: Intermediate
