
Threat Modeling in the garden of Eden



  1. Threat Modeling in the garden of Eden Mano ‘dash4rk’ Paul HackFormers

  2. ABC’s about me • Author • Official (ISC)2 Guide to the CSSLP • Advisor • (ISC)2 Software Assurance Advisor • Biologist (Shark) • Christian • CEO, SecuRisk Solutions & Express Certifications

  3. Agenda • Teach Security: Threat Modeling • Teach Christ: In the garden of Eden • Discussion

  4. Teach Security Threat Modeling

  5. Threat Modeling • Process/Activity • Systematic, to determine the applicable threats • Iterative, to ensure threats are addressed • A must-have for companies today • Cannot be ignored

  6. Why Threat Model? • To manage Risk! • Risk of what? Disclosure/Alteration/Destruction • Risk to what? Assets • Why? Threat agents and Vulnerabilities • So what do we do? Threat Model → Identify threats & vulnerabilities • Then what? Manage risk → apply controls • Model threats → Apply controls → Reduce risk

  7. ABC of Threat Modeling • Step 1: Identify Assets • Step 2: Identify Boundaries (Entry/Exit/Flows) • Step 3: Identify Controls • But first we need to identify applicable Threats

  8. Step 1: Identify Assets • Assets (anything of value) • Financial • Personal • Sensitive • Intellectual property

  9. Step 2: Identify Boundaries (diagram: External / DMZ / Internal trust zones)

  10. Step 3: Identify Controls • Oh but first, we need to identify Threats • Threat Identification • Attack Trees • Threat Framework

  11. STRIDE Threat Framework • Spoofing: Masquerading • Tampering: Alteration • Repudiation: Denying • Info. Disclosure: Data Loss/Leakage • Denial of Service: Downtime • Elevation of Privilege: Admin (root)

  12. Identify Controls • Appropriate INCORPORATION of Controls reduces Risk • (table: controls per threat category) Spoofing • Tampering • Repudiation • Info. Disclosure • Denial of Service • Elevation of Privilege
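The three steps above (assets, boundaries, controls) together with the STRIDE framework can be written down as a small, checkable model. The following is an added example, not part of the slides or of the speaker's material: it applies the Microsoft SDL "STRIDE-per-element" heuristic (external entities get S and R, processes all six, stores T/R/I/D, data flows T/I/D) to a constructed three-zone web application (External / DMZ / Internal), only counts flows that cross a trust boundary, records the controls applied per threat, and reports what is still unmitigated. All element names, flows and control names are made up for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# STRIDE categories keyed by their initial.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Which categories usually apply to each data-flow-diagram element type.
# This is the Microsoft SDL "STRIDE-per-element" heuristic (an assumption
# of this example, not something the slides state).
PER_ELEMENT = {
    "external": "SR",      # users/partner systems: can be impersonated, can deny acting
    "process": "STRIDE",   # running code: everything applies
    "store": "TRID",       # R: a store holding audit logs can be altered or denied
    "flow": "TID",         # data in transit: a wire is not spoofed or escalated itself
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str            # "external" | "process" | "store"
    zone: str            # trust zone it lives in (Step 2): External / DMZ / Internal
    asset: bool = False  # holds something of value (Step 1)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    label: str


@dataclass
class Model:
    elements: dict[str, Element]
    flows: list[Flow]
    # (element-or-flow label, STRIDE initial) -> controls applied (Step 3)
    controls: dict[tuple[str, str], list[str]] = field(default_factory=dict)

    def crosses_boundary(self, f: Flow) -> bool:
        return self.elements[f.src].zone != self.elements[f.dst].zone

    def threats(self) -> list[tuple[str, str]]:
        """Enumerate applicable threats: every element, plus flows that cross a
        trust boundary (the entry/exit points of Step 2). In-zone flows are skipped
        here as a prioritisation choice; many teams still model them."""
        found = [(e.name, c) for e in self.elements.values() for c in PER_ELEMENT[e.kind]]
        for f in self.flows:
            if self.crosses_boundary(f):
                found += [(f.label, c) for c in PER_ELEMENT["flow"]]
        return found

    def unmitigated(self) -> list[tuple[str, str]]:
        """Threats with no control recorded against them: the residual risk."""
        return [t for t in self.threats() if not self.controls.get(t)]

    def report(self) -> list[str]:
        lines = []
        for target, c in self.threats():
            ctl = self.controls.get((target, c))
            lines.append(f"{target:14} {STRIDE[c]:24} {', '.join(ctl) if ctl else 'UNMITIGATED'}")
        return lines


def sample_model() -> Model:
    """Constructed three-zone web app; names and controls are made up for illustration."""
    els = [
        Element("Browser", "external", "External"),
        Element("WebApp", "process", "DMZ"),
        Element("Cache", "store", "DMZ"),
        Element("DB", "store", "Internal", asset=True),   # customer records (Step 1)
    ]
    flows = [
        Flow("Browser", "WebApp", "HTTPS request"),   # External -> DMZ: crosses
        Flow("WebApp", "Cache", "session lookup"),    # DMZ -> DMZ: does not cross
        Flow("WebApp", "DB", "SQL query"),            # DMZ -> Internal: crosses
    ]
    controls = {
        ("Browser", "S"): ["password + MFA"],
        ("Browser", "R"): ["signed audit log of user actions"],
        ("HTTPS request", "T"): ["TLS 1.2+"],
        ("HTTPS request", "I"): ["TLS 1.2+"],
        ("SQL query", "T"): ["parameterized queries", "least-privilege DB account"],
        ("WebApp", "E"): ["unprivileged service account"],
        ("DB", "I"): ["encryption at rest", "firewall: only the DMZ may reach the DB port"],
    }
    return Model({e.name: e for e in els}, flows, controls)


if __name__ == "__main__":
    m = sample_model()
    print("\n".join(m.report()))
    print(f"\n{len(m.unmitigated())} of {len(m.threats())} threats still unmitigated")
```

Running the sample lists 22 threats, of which 15 have no control recorded; the point of the iteration in slide 5 is to drive that second number down (or to document an explicit risk acceptance) before the model is considered done. Keep the "controls" map as the artifact reviewers sign off on, since it makes the residual risk visible rather than implied.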

  13. Teach Christ In the garden of Eden

  14. The Asset • What is man that thou (God) art mindful of him? • Psalm 8:4 • Man - God’s most precious asset • “For you are fearfully and wonderfully made” (Psalm 139:14) • “Created in the image of God” (Genesis 1:27) • Man – God’s most prime asset • Dominion was given to man over all the fish, fowl and all living things that moved upon the earth (Genesis 1:28) • Apex of God’s creation; not Ex-Ape of Evolution

  15. The Boundaries (diagram: Garden of Eden / External)

  16. The Threats • Prelude to the Garden encounter: Lucifer (the devil) tried to elevate himself above God and was thrown out (Ezekiel 28) → Elevation of Privilege • The fruit which was bad for the soul (spirit) was pleasing to the eye (flesh) (Genesis 3:6) → Spoofing • God said: You shall not eat of the tree of knowledge … (Genesis 2:17); the Devil asked: … you shall not eat of any tree? (Genesis 3:1) → Tampering • The Devil said: Yea, hath God said … (phishing for information) (Genesis 3:1) → Info. Disclosure • Adam said (denied): It wasn’t me, but Eve; Eve said (denied): It wasn’t me, but the serpent (Genesis 3:12,13) → Repudiation • Access to the tree of life was denied after man disobeyed (Genesis 3:22-24) → Denial of Service

  17. The Impact (diagram: Garden of Eden / External)

  18. The Control • No more boundaries (separation from God); the gift of God is eternal life to all who believe in Jesus Christ (John 3:16) • Appropriate INCLUSION of Jesus Christ in our life eliminates the risk of second death (diagram: Garden of Eden / External)

  19. Discussion Points • What are some of the “threats” in your personal/professional life? • How are you addressing these threats?

  20. Closing Thoughts
  try {
      if (uLikedThisMtg) {
          getLinkedIn();
          subscribeViaEmail();
          followAndTweet();   // @hackformers
          emailUs();          // mano.paul@hackformers.org
      } else {
          giveFeedback();     // mano.paul@hackformers.org
      }
  } catch (Threats t) {
      applyControl(God JesusChrist);
  } finally {
      ThankUandGodBless();
  }

  21. Want More? • Speaker: Michael Howard • Principal Cybersecurity Program Manager, Microsoft • Author, Writing Secure Code and many more … • Topic: TBD • Date: March 09, 2012 • Time: 11:30 a.m. – 1:00 p.m. • Venue: Microsoft Technology Center • www.hackformers.org • @hackformers

  22. Backup

  23. Identify Control
