CSA Malaysia vSummit 2022
Alexander Stone GETSIN (CISO, RiseUp & Co-chair, Top Threats WG, CSA) will present on "Cloud Threat Modelling." Threat modelling serves to identify threats and preventive measures for a system or application. However, threat modelling is one security methodology that has not matched the general rate of cloud adoption, due to a gap in guidance, expertise, and applicability of the practice. Threat modelling for cloud systems expands on standard threat modelling to account for unique cloud services. It allows organizations to further security discussions and assess their security controls and mitigation decisions. The CSA Cloud Threat Modelling best practice attempts to bridge the gap between threat modelling and the cloud. To that end, this publication provides crucial guidance to help identify threat modelling security objectives, set the scope of assessments, decompose systems, identify threats, identify design vulnerabilities, develop mitigations and controls, and communicate a call-to-action. Central lessons include the benefits of threat modelling, the unique knowledge and considerations required when threat modelling in the cloud, and how to create a cloud threat model. Example threat modelling cards are provided and can be used by your team for a more gamified approach. The program and registration link can be found at CSA Malaysia vSummit 2022.
------------------------------
Hing-Yan Lee
EVP APAC
Cloud Security Alliance
------------------------------