Cloud Threat Modeling

Presented by

Alexander Stone GETSIN (CISO, RiseUp & Co-chair, Top Threats WG, CSA)

About this talk

Threat modeling serves to identify threats and preventive measures for a system or application. However, threat modeling is one security methodology that has not matched the general rate of cloud adoption, due to a gap in guidance, expertise, and applicability of the practice. Threat modeling for cloud systems expands on standard threat modeling to account for unique cloud services. It allows organizations to further security discussions and assess their security controls and mitigation decisions. The CSA Cloud Threat Modeling best practice attempts to bridge the gap between threat modeling and the cloud. To that end, this publication provides crucial guidance to help identify threat modeling security objectives, set the scope of assessments, decompose systems, identify threats, identify design vulnerabilities, develop mitigations and controls, and communicate a call-to-action. Central lessons include the benefits of threat modeling, the unique knowledge and considerations required when threat modeling in the cloud, and how to create a cloud threat model. Example threat modeling cards are provided and can be used by your team for a more gamified approach.
Related topics:

More from this channel

Upcoming talks (8)
On-demand talks (910)
Subscribers (67886)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa