Session 3.7f Tutorial: Introduction to Threat Modelling
Tracks
| Thursday, November 14, 2024 |
| 2:30 PM - 3:30 PM |
| Swan Room |
Details
The purpose of this tutorial is to provide an overview of tools, techniques and processes to conduct threat modelling. Whether it's a whole organisation and specific project, the role of threat modelling is to provide clarity as far as the stakeholders' risk appetite and prioritisation. This ensures that resources can be effectively applied to projects and that priority information requirements and sustainment are established.
Activities that will form part of this tutorial include:
1) Introduction to threat modelling and overview (40 minutes)
2) Teams mind map of a target environment or project (test projects will be provided) (40 minutes)
3) Unclassified brief on established threats and threat communities incorporating active discussion amongst the participants (20 minutes)
4) Mapping of threats to target environments and scenarios (40 minutes)
5) “Mad minute” presentations and follow-on discussions about threat models presented.
By the end of this tutorial, attendees will have an appreciation of the threat modelling process as a framework to shape and inform their cyber security requirements.
Speaker
Mr Edward Farrell
Director | Principal Consultant
Mercury Information Security Services Pty Ltd
ㅤ
Biography
Edward Farrell is a security consultant with 15 years experience in cyber security and 20 years in technology. As the director of one of Australia’s leading cyber security practices, Mercury, he has conducted or overseen the delivery of over 1000 security assessment activities and incident responses in the past 8 years. His professional highlights include lecturing at the Australian Defence Force Academy, being rated in the top 200 bug bounty hunters in 2015 and running an awesome team of security professionals.
