SDLCMM & Residual Risk the next chapter

ISSA Theater 4 - Emerging Technology Theatre

Thu 18th Oct 02:00 to 02:50

As we continue to secure our environments external attackers continue to be successful. This is true even with new developments and enhancements to our infrastructure’s security. The subsequent analysis and deployment of changes to our internal and generic Security Development Lifecycle (SDLC) don’t seem to even slow them down. The question on everyone’s mind is ‘why are they successful?’. The answer is as because we have gaps in our defenses. Phrased differently we have unmitigated residual risks in our defenses or environment. While the answer sounds easy, the solution isn’t… Or maybe it is.

What you will take away from this session

  • examining an infrastructure
  • generating a ‘quantitative’ security preparedness measurement
  • applying a winnowing technique to identify potential successful attacks
  • as well as a methodology for analyzing and overlaying evolving attacks


Speaker Name Profile
Michael Angelo View Profile