Ooops, Now What? :: The Stolen Data Impact Model (SDIM) - Brent Huston Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

"There are plenty of ways to analyze a breach. There are models for the recon, the break-in and the exfiltration. But, what if the attacker steals more than database dumps and customer records? How do you model what you just lost in terms of business, competitive advantage and potential damage to the infrastructure? Given today's attacker focus on source code, methodologies, future state plans and architectures for infrastructure, we need a better way to model, analyze and communicate the impacts of what we lost. Enter the Stolen Data Impact Model (SDIM) Project. Led by MSI Security Evangelist & CEO, Brent Huston, the SDIM is a work in progress to answer some of these questions. This talk will introduce the project, cover the goals and progress and leave the audience with more insights into how to understand and discuss what was stolen in information security compromises. Examples will be demonstrated and the framework for analysis will be explained. Takeaways will not only include better understanding of the SDIM, but also prepare the audience for using it and participating in its design and maturity."

Brent Huston is the Security Evangelist and CEO of MicroSolved, Inc. He spends a LOT of time breaking things, including the tools/techniques and actors of crime. When he is not focusing his energies on chaos & entropy, he sets his mind to the order side of the universe where he helps organizations create better security processes, policies and technologies. He is a well-recognized author, surfer, inventor, sailor, trickster, entrepreneur and international speaker. He has spent the last 20+ years dedicated to information security on a global scale. He likes honeypots, obscure vulnerabilities, a touch of code & a wealth of data. He also does a lot of things that start with the letter “s”. You can learn more about his professional background here: http://www.linkedin.com/in/lbhuston & follow him on Twitter (@lbhuston).

Copyright 2020, IronGeek