Virtual Pen Testing Using Risk Models

Posted on in Presentations

This session will demonstrate a methodology for leveraging risk assessment data to model likely scenarios for compromise in your network. The session will explore using agent-based modeling (ABM) for simulating attacker behavior and capability combined with risk data you have about organizational systems, such as control strength, loss scenarios and network location.

Learning Objectives:
1: Understand how to use risk data to model attack paths.
2: See how risk-assessment results can help in penetration testing.
3: Develop a plan for incorporating virtual pen testing in risk reporting.

Application of this methodology depends on a well-built cyber-risk framework that allows for data to be available for input into the model and a risk reporting and governance structure that can understand and utilize the results for prioritization.

Jack Freund


Head of Cyber Risk Methodology, Visible Risk (Moody's/Team8 JV)

Joel Amick


Director, Cyber Analytics and Data Science, TIAA

security & threat visualization risk management risk & vulnerability assessment penetration testing network security


Share With Your Community