Virtual Pen Testing Using Risk Models


Posted on in Presentations

This session will demonstrate a methodology for leveraging risk assessment data to model likely scenarios for compromise in your network. The session will explore using agent-based modeling (ABM) for simulating attacker behavior and capability combined with risk data you have about organizational systems, such as control strength, loss scenarios and network location.

Learning Objectives:
1: Understand how to use risk data to model attack paths.
2: See how risk-assessment results can help in penetration testing.
3: Develop a plan for incorporating virtual pen testing in risk reporting.

Pre-Requisites:
Application of this methodology depends on a well-built cyber-risk framework that allows for data to be available for input into the model and a risk reporting and governance structure that can understand and utilize the results for prioritization.


Participants
Joel Amick

Participant

Director, Cyber Analytics and Data Science, TIAA

Jack Freund

Participant

Head of Cyber Risk Methodology, Visible Risk (Moody's/Team8 JV)

security & threat visualization risk management risk & vulnerability assessment penetration testing network security


Subtopic


Share With Your Community