1. Moscone West 2011

This session will demonstrate a methodology for leveraging risk assessment data to model likely scenarios for compromise in your network. The session will explore using agent-based modeling (ABM) for simulating attacker behavior and capability combined with risk data you have about organizational systems, such as control strength, loss scenarios and network location.

Learning Objectives:
1: Understand how to use risk data to model attack paths.
2: See how risk-assessment results can help in penetration testing.
3: Develop a plan for incorporating virtual pen testing in risk reporting.

Pre-Requisites:
Application of this methodology depends on a well-built cyber-risk framework that allows for data to be available for input into the model and a risk reporting and governance structure that can understand and utilize the results for prioritization.

Download pdf
Participants: