Module duration: 4 hours
An essential step in defining a protection strategy for a system is modeling the system and the threats to which it is subjected. The protection strategy must be efficient and proportional to the potential damage that the system may face. We present the concepts needed to create a risk management strategy and discuss why this strategy has to be considered a fundamental element of a security standard.
The aim of this module is to understand what kinds of risk management-related requirements and concepts are typically present in cybersecurity standards and guidelines, what threat modeling is, and how to carry out a threat modeling activity in practice.
This module provides the audience with:
• An extended theoretical discussion of the requirements in the risk management context
• A discussion of how to perform threat modeling, building on the cybersecurity standards and guidelines
• A practical example of how to carry out a threat modeling activity, focusing on the required pieces of information and the methodology
The module is targeted at professionals working for companies that need to ensure that their component, product or system has security commensurate with its expected level of risk throughout the product's life-cycle.