Description: At DeepSec 2014, Vlado Luknar presented the ingredients for a risk assessment tool and how to go about building one for your organisation.
„Risk assessment should reflect the overall security knowledge and experience accumulated over the years in the company. This knowledge is company-specific, and applying it should not be dependent on/bound to any proprietary methodology, vendors and their products. Never-ending quest for the "best" tool or methodology is a futile exercise.
Existing commercial or free tools are (often) done by programmers, process/audit/compliance “gurus” and other people who were never managing security in a real company.
The consequence of which is that you'll spend 80% of your time on things which solve only 20% of your real security needs.
In the end it is you, the security specialist, who adds the most value to a risk assessment / threat modelling process for your company. The practical your risk management process supported with a custom-made tool is a vehicle through which you can actually demonstrate how to link security to business goals.“
For more information, please visit: https://www.deepsec.net/