AppSecCali 2019 - Game On! Adding Privacy to Threat Modeling - Adam Shostack & Mark Vinkovits


The Elevation of Privilege card game was designed for threat modeling based on STRIDE threats, and has since become a widely deployed tool for security and development teams. One of its many feats is to bridge the knowledge gap between development and security when analyzing a software system, allowing for a structured conversation with intensive knowledge sharing. It achieves this by leveraging elements of game design, which allow for reciprocity and better engagement. These feats make it an ideal candidate to help in other closely related areas where developers need to cooperate with departments such as compliance, legal, or privacy. Looking specifically at privacy, given its obvious recent relevance, this presentation will show an extension of the Elevation of Privilege card game that LogMeIn has adopted to meet its privacy-by-design requirements. It will show the research that helped define the cards of the suit and give a quick overview of the individual cards. By the end of the talk, practitioners will have a new toolset to include in their security and privacy processes. Furthermore, interested listeners will hear methods for designing extensions to already available games, allowing them to incorporate topics they feel are necessary for their work practices into fun exercises.

Adam Shostack
President, Shostack & Associates
I'm an entrepreneur, technologist, author and game designer, focused on improving security outcomes for my customers and the industry as a whole. To solve these problems, I create a wide variety of companies and organizations, software, new analytic frameworks, as well as books and games.

Mark Vinkovits
Manager, AppSec, LogMeIn
Mark studied computer science and information security and did his PhD on usable and secure computing. He has worked as a software, security, and privacy engineer over the past decade; his current position is Manager of AppSec at LogMeIn.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

Reviewed by Anonymous on March 25, 2019 Rating: 5