A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Decision Analysis Applications in Threat Analysis Frameworks - Emily Shawgo Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Decision Analysis Applications in Threat Analysis Frameworks
Emily Shawgo
Derbycon 2018

In the modern age, all organizations face threats from various types of cyber attacks. Although great strides have been made to consider human factors in cybersecurity and to become more proactive in threat analysis, security is still generally a reactive, technical field. This research seeks to develop a framework which adapts existing methods such as the cyber kill chain to look at attacks in a less linear, more human-centered framework that focuses on the capabilities and decisions of the threat actor. In addition, the framework approaches threat analysis from a binary assessment of success vs. failure in order to see the entire attack and consider the potential for a number of methods and attempts made in a single attack. A detailed methodology and sample charts are included for a reference and a starting point in developing one’s own personalized charts, and recommendations are made for ways to integrate this methodology into the risk management process.

Emily has recently graduated from Carnegie Mellon University with a master's degree in Public Policy and Management with a concentration in Cybersecurity Management. She also has an undergraduate degree in Psychology and Political Science from Carlow University. Emily's interests lie in penetration testing, threat analysis, and applying the study of human behavior to the field of cybersecurity.

@EmilyShawgo

Back to Derbycon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast