Virtual Pen Testing Using Risk Models

Posted on in Presentations

This session will demonstrate a methodology for leveraging risk assessment data to model likely scenarios for compromise in your network. The session will explore using agent-based modeling (ABM) for simulating attacker behavior and capability combined with risk data you have about organizational systems, such as control strength, loss scenarios and network location.

Learning Objectives:
1: Understand how to use risk data to model attack paths.
2: See how risk-assessment results can help in penetration testing.
3: Develop a plan for incorporating virtual pen testing in risk reporting.

Application of this methodology depends on a well-built cyber-risk framework that allows for data to be available for input into the model and a risk reporting and governance structure that can understand and utilize the results for prioritization.

Joel Amick


Director, Cyber Analytics and Data Science, TIAA

Jack Freund


Head of Cyber Risk Methodology, Visible Risk (Moody's/Team8 JV)

threat visualization risk management risk & vulnerability assessment penetration testing network security


Share With Your Community