David Fetter, profile picture
Uploaded byDavid Fetter
KEY, PDF316 views

Threat modeling sf_perl_mongers_20130227

The document discusses threat modeling and how most security measures are implicit rather than explicit. It recommends making threat modeling explicit by following Schneier's Security Wheel to evaluate each security measure: assessing assets, risks, how the measure mitigates risks, new risks it creates, and costs/trade-offs. The speaker argues for bringing all security measures into an explicit threat model, getting diverse input, ensuring each measure addresses credible threats, regularly reviewing the model, and removing outdated measures. The goal is to eliminate "security theater" and make security evaluation everybody's responsibility.

Embed presentation

Download to read offline
Threat Modeling Revolutionized! San Francisco Perl Mongers, 2012/03/27 David Fetter david@fetter.org Copyright© 2012, All rights reserved.
Why I'm Doing This
Every Security Measure is in a threat model
Implicit Explicit 1% explicit 99%
Schneier's Security Wheel ? ¥ £
Schneier's Security Wheel 1. What assets are we trying to protect? ? ¥ £
Schneier's Security Wheel 1. What assets are we trying to protect? 2. What are the risks to those assets? ? ¥ £
Schneier's Security Wheel 1. What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? ? ¥ £
Schneier's Security Wheel 1. What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ £
Schneier's Security Wheel 1. What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ 5. What costs and trade-offs does the security measure impose? £
Schneier's Security Wheel 1. What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ 5. What costs and trade-offs does the security measure impose? £ 6. GOTO 1.
IMPLICIT
Security Theater
also known as
Ludicrous Bullshit
Huge Risk!
Fix the Problem
1. Bring each security measure into the explicit model.
1. Bring each security measure into the explicit model. 2. Engage the widest possible audience in the review.
1. Bring each security measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat.
1. Bring each security measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly.
1. Bring each security measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly. 5. Remove security measures that no longer fit.
1. Bring each security measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly. 5. Remove security measures that no longer fit. 6. GOTO 1
Security is Everybody's Job!
Thanks! • Meredith Patterson, who helped me realize that this wasn't just an idle stray thought. • Devdas Bhagat (who turned me on to Complex Adaptive Systems)
Questions? Comments? Straitjackets?

More Related Content

PPT
Ct es past_present_future_nycpgday_20130322
byDavid Fetter
 
PDF
G so c_and_commitfests_and_pointy_hair_oh_my_sfpug_20131008
byDavid Fetter
 
PPT
Presentación Analisis de Resultados PSU 2008
bymauxmatta
 
PPT
8020rule
bymichelletw
 
KEY
Writeable ct es_pgcon_may_2011
byDavid Fetter
 
PPTX
Success with Synergy
byHollyPSynergy
 
KEY
Lightning sf perl_mongers_20120327
byDavid Fetter
 
KEY
Security revolutionized fosdem_20120205
byDavid Fetter
 
Ct es past_present_future_nycpgday_20130322
byDavid Fetter
 
G so c_and_commitfests_and_pointy_hair_oh_my_sfpug_20131008
byDavid Fetter
 
Presentación Analisis de Resultados PSU 2008
bymauxmatta
 
8020rule
bymichelletw
 
Writeable ct es_pgcon_may_2011
byDavid Fetter
 
Success with Synergy
byHollyPSynergy
 
Lightning sf perl_mongers_20120327
byDavid Fetter
 
Security revolutionized fosdem_20120205
byDavid Fetter
 

Viewers also liked

KEY
View triggers pg_east_20110325
byDavid Fetter
 
PPT
8020rule
bymichelletw
 
PPT
Intergalactic data speak_highload++_20131028
byDavid Fetter
 
PDF
Rdbms roadmap 20140130
byDavid Fetter
 
PPT
Slides pg conf_eu_20131031
byDavid Fetter
 
PPT
Presentation1
byguesta394021
 
PDF
Grouping sets sfpug_20141118
byDavid Fetter
 
KEY
Universal data access_with_sql_med
byDavid Fetter
 
PPT
Federation with foreign_data_wrappers_pg_conf_eu_20131031
byDavid Fetter
 
KEY
PL/Parrot San Francisco Perl Mongers 2010/05/25
byDavid Fetter
 
PDF
Tree tricks osdc_melbourne_20101124
byDavid Fetter
 
View triggers pg_east_20110325
byDavid Fetter
 
8020rule
bymichelletw
 
Intergalactic data speak_highload++_20131028
byDavid Fetter
 
Rdbms roadmap 20140130
byDavid Fetter
 
Slides pg conf_eu_20131031
byDavid Fetter
 
Presentation1
byguesta394021
 
Grouping sets sfpug_20141118
byDavid Fetter
 
Universal data access_with_sql_med
byDavid Fetter
 
Federation with foreign_data_wrappers_pg_conf_eu_20131031
byDavid Fetter
 
PL/Parrot San Francisco Perl Mongers 2010/05/25
byDavid Fetter
 
Tree tricks osdc_melbourne_20101124
byDavid Fetter
 

Similar to Threat modeling sf_perl_mongers_20130227

PPTX
Gainful Information Security 2012 services
byCade Zvavanjanja
 
PDF
Management Information Systems
bymsd11
 
PDF
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
PPTX
Risk Mitigation
byprimeteacher32
 
PPTX
Information security management (bel g. ragad)
byRois Solihin
 
PPTX
Acoustic based target recognition based on machien learning
byGulZamanKhan15
 
DOCX
11What is Security 1.1 Introduction The central role of co.docx
bymoggdede
 
PDF
Sensible defence
byKoen Maris
 
PPT
1. security management practices
by7wounders
 
PPT
Information security management
byUMaine
 
PPTX
Information Systems Policy
byAli Sadhik Shaik
 
PPTX
Information Security Discussion for GM667 Saint Mary's University of MN
bySaint Mary's University of Minnesota
 
PPT
OPERATING SYSTEM
byMuruganandamC3
 
PPSX
Cyber Security Awareness Month 2017- Nugget2
byChinatu Uzuegbu
 
DOCX
Excel Data Reporting Assignment 3 Data Analysis (Feasibility .docx
bygitagrimston
 
PPTX
Information Security Lecture One for Basic
byhassankhan978073
 
PPT
INFORMATION SECURITY STUDY GUIDE for STUDENTS
byhenlydailymotion
 
PPT
information security presentation topics
byOlajide Kuku
 
PPT
CISSP Certified Information System Security Professional_009.ppt
bycareerbdaugx
 
PPT
ch01.ppt
bysamsam693199
 
Gainful Information Security 2012 services
byCade Zvavanjanja
 
Management Information Systems
bymsd11
 
Describe two methods for communicating the material in an Informatio.pdf
byarchgeetsenterprises
 
Risk Mitigation
byprimeteacher32
 
Information security management (bel g. ragad)
byRois Solihin
 
Acoustic based target recognition based on machien learning
byGulZamanKhan15
 
11What is Security 1.1 Introduction The central role of co.docx
bymoggdede
 
Sensible defence
byKoen Maris
 
1. security management practices
by7wounders
 
Information security management
byUMaine
 
Information Systems Policy
byAli Sadhik Shaik
 
Information Security Discussion for GM667 Saint Mary's University of MN
bySaint Mary's University of Minnesota
 
OPERATING SYSTEM
byMuruganandamC3
 
Cyber Security Awareness Month 2017- Nugget2
byChinatu Uzuegbu
 
Excel Data Reporting Assignment 3 Data Analysis (Feasibility .docx
bygitagrimston
 
Information Security Lecture One for Basic
byhassankhan978073
 
INFORMATION SECURITY STUDY GUIDE for STUDENTS
byhenlydailymotion
 
information security presentation topics
byOlajide Kuku
 
CISSP Certified Information System Security Professional_009.ppt
bycareerbdaugx
 
ch01.ppt
bysamsam693199
 

Recently uploaded

PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
PDF
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
PDF
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
PDF
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
PPTX game guess the logo with a twistppt
byAdrianAnig
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PPTX
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
PDF
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
PPTX
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
PDF
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Safer’s Picks: The 5 FME Transformers You Didn’t Know You Needed
bySafe Software
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Security-Fails-in-the-Gaps-Between-Systems.pptx.pdf
byOhhproJunction
 
The Manifesto for AI-enabled Governance !
byYannis Charalabidis
 
Self-Correction Failure Diagnostic: Detecting Drift in Complex Systems
bySystems Research Group
 
How to Install XRDP on CentOS 10 .pdf
byGreen Webpage
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX game guess the logo with a twistppt
byAdrianAnig
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
final.pdf
byomarbishtawi04
 
GenerationAI Paris 2025 | How Agentic AI is Reinventing Organizations
byapidays
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Do You Control the AI, or Does the AI Control You?
bymedhateltoukhy
 
The new book “Marketing in the Metaverse” spotlights Scott M. Graffius’ research
byScott M. Graffius
 
Working Session — Build a Document Understanding Automation Using an OOTB ML ...
byDianaGray10
 
NTG -Company Profile_Software_Vendor_Company_in_MENA
byMustafa Kuğu
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 

Threat modeling sf_perl_mongers_20130227

  • 1.
    Threat Modeling Revolutionized! San Francisco Perl Mongers, 2012/03/27 David Fetter david@fetter.org Copyright© 2012, All rights reserved.
  • 2.
  • 3.
    Every Security Measure is in a threat model
  • 4.
    Implicit Explicit 1% explicit 99%
  • 5.
  • 6.
    Schneier's Security Wheel 1.What assets are we trying to protect? ? ¥ £
  • 7.
    Schneier's Security Wheel 1.What assets are we trying to protect? 2. What are the risks to those assets? ? ¥ £
  • 8.
    Schneier's Security Wheel 1.What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? ? ¥ £
  • 9.
    Schneier's Security Wheel 1.What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ £
  • 10.
    Schneier's Security Wheel 1.What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ 5. What costs and trade-offs does the security measure impose? £
  • 11.
    Schneier's Security Wheel 1.What assets are we trying to protect? 2. What are the risks to those assets? 3. How well does the security measure mitigate those risks? 4. What other risks does the security measure cause? ? ¥ 5. What costs and trade-offs does the security measure impose? £ 6. GOTO 1.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 19.
    1. Bring eachsecurity measure into the explicit model.
  • 20.
    1. Bring eachsecurity measure into the explicit model. 2. Engage the widest possible audience in the review.
  • 21.
    1. Bring eachsecurity measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat.
  • 22.
    1. Bring eachsecurity measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly.
  • 23.
    1. Bring eachsecurity measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly. 5. Remove security measures that no longer fit.
  • 24.
    1. Bring eachsecurity measure into the explicit model. 2. Engage the widest possible audience in the review. 3. Ensure each measure credibly mitigates at least one credible threat. 4. Review the threat model regularly. 5. Remove security measures that no longer fit. 6. GOTO 1
  • 25.
  • 26.
    Thanks! • Meredith Patterson,who helped me realize that this wasn't just an idle stray thought. • Devdas Bhagat (who turned me on to Complex Adaptive Systems)
  • 27.

Editor's Notes

  • #2 Thanks very much to my employer, who does not know about this talk, and may not approve of it when they find out.\n
  • #3 The people who protect the helpless need to do their job right.\n
  • #4 \n
  • #5 \n
  • #6 \n
  • #7 \n
  • #8 \n
  • #9 \n
  • #10 \n
  • #11 \n
  • #12 \n
  • #13 \n
  • #14 \n
  • #15 \n
  • #16 People inside the trust boundary who think security is nonsense, and are in a position to do enormous damage in the process of making their lives simpler.\n
  • #17 \n
  • #18 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #19 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #20 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #21 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #22 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #23 Do this a little bit at a time and figure out how the system has adapted. Every measure can and will be gamed. Make sure you keep this in mind when designing same.\n
  • #24 \n
  • #25 \n
  • #26 \n