Application Risk Modeling @ CSI 2007

The CSI 2007 conference held in Arlington, VA from Nov 3-9 2007 was a blast. In addition to the conference session being very educational, it was a great networking event affording one the opportunity to network with the brightest minds in the industry apropos security. You can access the conference posting here.

I presented on Application Risk Modeling as an integral part of the SDLC (System or Software Development Life Cycle) introducing the Tic-Tive^TM Risk Spectrum.

A preview of the presentation contents is given below.

Figure 1. The SecuRisk^TM Methodology of Application Risk Modeling

Figure 2. The Tic-Tive^TM Risk Spectrum. Where does your organization/company fall in this spectrum?

You can download the entire presentation by clicking on the link below.
Application Risk Modeling; An Integral Part of the SDLC – By Mano Paul

Session Abstract -
The methodology introduced in this session is designed to provide proactive risk analysis and modeling techniques for applications. It addresses obstacles experienced by security professionals due to lack of automation and objective risk modeling fundamentals. Attendees will understand how application risk management results in reducing overall risk within an enterprise and transferring risk to the appropriate business segment.

(ISC)2 Official CISSP Practice Exams and (ISC)2 Official SSCP Practice Exams

(ISC)² is dedicated to creating new value-added services for its prospective and more than 50,000 current members worldwide. One of the most exciting of these is studISCope, our online self-assessment tool that helps candidates assess their knowledge of the CISSP or SSCP CBK^®. Together with our partner, Express Certifications – a company renowned for developing innovative testing and training techniques – (ISC)² can now maximize your learning experience and focus your study efforts more precisely along whichever information security career path you choose.

Read More