04 Dec 2020

Cyber Threat Modelling

SEC

As well as preparing a threat model for a new conceptual model I am developing for my research, I was recently asked to give an overview of how threat modelling can assist in architectural and design processes. The request was for a video presentation and so I had two requirements to revisit this topic. Time for revision!

So this post is a landing page for my unlisted YouTube video and useful links I might need to reference. In other words, more useful to me than anyone else who ends up here on their travels!

The video covers:

  • What is threat modelling?
  • What is it used for and why do it?
  • What is the link between threat intelligence and threat modelling?
  • What is the relationship between threat modelling and risk assessment?
  • Example
  • Emerging uses, techniques and tools
  • References & resources

Links and resources:

Link between TM and Risk:

https://www2.cso.com.au/article/664928/link-between-threat-modelling-risk-management/

Microsoft tooling:

https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling

https://docs.microsoft.com/en-us/azure/security/develop/threat-modeling-tool

https://docs.microsoft.com/en-us/archive/msdn-magazine/2009/january/security-briefs-getting-started-with-the-sdl-threat-modeling-tool

Learning TM:

https://medium.com/@roberthurlbut/learning-about-threat-modeling-3f6811e7520c

https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf

OWASP Application Threat Modelling

https://owasp.org/www-community/Application_Threat_Modeling

CIS Benchmarks

https://www.cisecurity.org/cis-benchmarks/

STRIDE Threat Modelling with Examples

https://www2.slideshare.net/GirindroPringgoDigdo/threat-modeling-using-stride?from_action=save

Adam Shostack

https://adam.shostack.org/blog/category/threat-modeling/

 

 

 

 

17 Nov 2020

COVID-19 RISK – DATA VISUALISATIONS & RESOURCES

C19

Here are some useful data visualisation sites detailing the impact of Covid-19 in different geographies, scenarios and contexts. Some are more useful than others in aiding the understanding of risk:

UK Government:

Summary: https://coronavirus.data.gov.uk

Cases:   https://coronavirus.data.gov.uk/details/cases

Information is Beautiful

A great overview site highlighting not only cases but risk factors:

https://informationisbeautiful.net/visualizations/covid-19-coronavirus-infographic-datapack/

Covid-19 Charts

https://covid-19-charts.net/

Our World in Data

https://ourworldindata.org/coronavirus

Worldometers

https://www.worldometers.info/coronavirus/

World Covid Stats

https://ncov2019.live/

COVID-19 Data Repository by the Center for Systems Science and Engineering (CSSE) at Johns Hopkins University

https://github.com/CSSEGISandData/COVID-19

World Health Organisation

https://www.who.int/emergencies/diseases/novel-coronavirus-2019

The Royal Society | David Spiegelhalter Communicating statistics in the time of Covid

From an excellent talk from David Spieglehalter (link at the bottom) he points out that to build trust, the communications must. be transparent and that:

  1. Data must be accessible – you must be able to get at the data.
  2. Comprehensible – complete and understandable
  3. Usable – it must answer concerns it is generated for
  4. Assessable – can you check the working out? What claims are made?

23 Sep 2020

ADVERSARIAL CYBER SECURITY

SEC

Today I was privileged to give a talk at the excellent DST-UKIERI VIRTUAL WORKSHOP ON ADVERSARIAL CYBER SECURITY. Due to Covid-19 the event was virtual. It was a collaboration between UKIERI, India Institute of Technology Mandi, Department of Science & Technology, London Metropolitan University, C-MRiC, British Council, Carnegie Mellon University and others. 

Full details to the programme:
http://acslab.org/ukieri/

The subject of my talk was entitled “Enhancing Cyber Security Using Audio Techniques” and described my research into a new authentication model using audio steganography.

Super useful resource outlining a new Cyber Recovery Operational Framework was also presented offering a new focus on cyber recovery activities as opposed to the majority of guidance frameworks aimed at protection, detection and response.
https://cyberframework.c-mric.com