February 1, 2020

258 words 2 mins read

Attack trees: Security modeling for Agile teams

Attack trees: Security modeling for Agile teams

Traditional security approaches to threat and risk management are highly optimized to work within a traditional software development lifecycle. Michael Brunton-Spall shares a new approach to reviewing systems along with real-life examples to help you prioritize where to focus security efforts and what sorts of security threats you should worry about.

Talk Title Attack trees: Security modeling for Agile teams
Speakers Michael Brunton-Spall (Bruntonspall Ltd)
Conference O’Reilly Velocity Conference
Conf Tag Building and maintaining complex distributed systems
Location New York, New York
Date October 1-3, 2018
URL Talk Page
Slides Talk Slides
Video

Agile software development and security often don’t seem to be good bedfellows. Many traditional security methodologies for analyzing risk and threats are based on old military or government development methodologies, which are slow to change and well documented. In addition, these approaches to threat and risk management are highly optimized to work within a traditional software development lifecycle. Michael Brunton-Spall shares a new approach to reviewing systems along with real-life examples to help you prioritize where to focus security efforts and what sorts of security threats you should worry about. This methodology has been trialed, adopted, and used in the UK government under the auspices of the Government Digital Service for Agile programs and in the National Center for Cyber Security from a security perspective. Join in to learn how to approach your system in a new way, how to think like an attacker, how to document, evaluate and rate threats, and how to communicate it effectively to both the team and to senior leadership.

comments powered by Disqus