Remote Threat Modeling

When (day):
Mon
At:
15:00 - 16:00
Watch
Zoom link will be available very soon



Session Video

About this session

Here is the chat we had in the session:

18:47:31	 From André Ferreira : Please share the link :)
18:47:52	 From James Bore : https://securitycards.cs.washington.edu/
18:48:14	 From André Ferreira : Thank you James
18:51:26	 From André Ferreira : Will nag you about a link on that game later, if that exists
18:52:00	 From Dinis Cruz : https://www.youtube.com/watch?v=3roVZNwptOU
18:52:04	 From André Ferreira : I wasn’t lucky, thanks
19:00:21	 From André Ferreira : STRIDE doesn’t relate to business impact, only technical.
19:00:28	 From André Ferreira : Hurray! My 50c
19:00:40	 From André Ferreira : From 2016
19:02:50	 From Garth Boyd : https://www.linddun.org/
19:04:15	 From André Ferreira : eheheh
19:04:17	 From André Ferreira : Thanks for that
19:05:00	 From Garth Boyd : https://www.linddun.org/go
19:05:24	 From Garth Boyd : Online game https://distrinet.cs.kuleuven.be/software/linddungo/
19:05:37	 From André Ferreira : A lot of information in this cards
19:07:39	 From James Bore : https://en.wikipedia.org/wiki/Parkerian_Hexad
19:09:12	 From Didar Gelici : If you are not in our slack : https://join.slack.com/t/os-summit/shared_invite/zt-eptzb479-POZlYeYI1vaNNZzVatF2ag
19:15:07	 From André Ferreira : Is there any ISO or INT standard regarding the creation of a threat model that you guys know?
19:15:16	 From André Ferreira : The model itself
19:15:35	 From André Ferreira : Diagram, entry points, list of threats, countermeasures, etc
19:20:00	 From James Bore : https://attack.mitre.org/
19:27:46	 From André Ferreira : Use cases And misuse and abuse cases
19:28:05	 From André Ferreira : A business analysis could write those
19:38:57	 From JvdV : Really interesting discussion. Sorry I couldn’t be more involved (family demands) and sadly I need to run now - thanks, Jasper
19:39:20	 From Didar Gelici : Thanks Jasper
19:39:35	 From André Ferreira : Following up on the standard, is there nothing guiding documentation as a result of the modelling?
19:43:13	 From James Bore : No standards there I'm aware of other than common practices.
19:43:46	 From James Bore : Anderson report: http://csrc.nist.gov/publications/history/ande72.pdf

19:54:03	 From André Ferreira : This document is probably one of the references used for ISO/IEC/IEEE 29148, would love to know the context of this
19:54:11	 From André Ferreira : * this being the Anderson report