Virtual Pen Testing Using Risk Models

Closed captioning will be available in English and Japanese for all keynotes and RSAC track sessions.
Please note: All times are in SGT.
  1. Moscone West

This session will demonstrate a methodology for leveraging risk assessment data to model likely scenarios for compromise in your network. The session will explore using agent-based modeling (ABM) for simulating attacker behavior and capability combined with risk data you have about organizational systems, such as control strength, loss scenarios and network location.

Learning Objectives:
1: Understand how to use risk data to model attack paths.
2: See how risk-assessment results can help in penetration testing.
3: Develop a plan for incorporating virtual pen testing in risk reporting.

Application of this methodology depends on a well-built cyber-risk framework that allows for data to be available for input into the model and a risk reporting and governance structure that can understand and utilize the results for prioritization.

Download pdf