Threat Modeling – Improving system security by design

Description:

Cyber-attacks are on the rise and the consequences can be significant for businesses.
The impact can range from unstable system operation over reputational damage to violation of laws and high penalties and ransom payments.
Many security flaws are not based in insecure development/coding errors but are already rooted in the design of a system.

Learn in the EY Threat Modeling workshop about security by design and how architecture related security flaws can be identified and therefore prevented! 
The interactive exercise is designed to allow you as a participant to practice the role of a system security architect to gain an understanding about how architecture and design are impacting a systems security and the importance of securing systems as early as possible. 
After this workshop you will be able to conduct basic Threat Modeling assessments with the aim of identifying major security problems and handling, prioritizing, and mitigating the risks properly! 

The workshop will be conducted by representatives of EY, who perform this type of simulation for companies and their crisis teams and executive members.

 

► Registration: TUMonline

Places are limited! Register until 10.04.2024!

 

Content:

  • Secure Architecture: 
    Basics of architecture modeling, choosing the right architecture presentation for security assessments. 
  • Threat Modeling: 
    Introduction to the concept and background information of Threat Modeling, including motivations and triggers.
    Giving an overall picture of the Threat Modeling Process, commonly used frameworks, tools and the targeted benefit from the procedure.
    Deep dive into STRIDE and DREAD Threat Modeling technique clearly conveyed by real world examples and use cases. 
  • Practical Exercise:  
    Conduct Architecture Modeling and Threat Modeling based on a given system requirements description. 

Prerequisites:

  • For students of computer science, business informatics and comparable 
  • Basic IT knowledge, e.g., System Architecture and Design,  Common Network protocols 
  • Basic knowledge of cyber security topics, e.g., What are typical attack vectors (high level)? What are typical security countermeasures (high level)?
  • Technical: It is of advantage when you bring a laptop with MS Threat Modeling Tool installed  

Language: German

Dates and Location:

  • Part 1: Friday 12.04.2024 | 15:00 - 18:00 | TUM Main Campus Z995
  • Part 2: Friday 19.04.2024 | 15:00 - 18:00 | EY Munich Arnulfstraße 59, 80636 München

Key Takeaways:

By the end of this workshop, participants will have gained:

  • A basic understanding of secure architecture and design 
  • Decompose a systems architecture considering security aspects 
  • Build a Threat Model based on an architecture model 
  • Set the right scope for a security analysis 
  • Identify possible Threats per Component and Communication being part of the Threat Model 
  • Find, prioritize and plan appropriate countermeasures for threat mitigation 

Contact: daedalus@ei.tum.de