Three Ways to Discover Technical Security Requirements?

Three Ways to Discover Technical Security Requirements?

14:00 - 15:30 Wednesday 6th April 2022 BST

Beginner

Intermediate

Advanced

Learn how to identify security requirements with your project team!

In this interactive workshop you’ll play two or more tried-and-tested card games on a case study project. They’ll help you to find various kinds of security issue and explore how important they are.

Almost every software product and service nowadays has security and privacy concerns, so it’s vital that we know how to identify possible security requirements. But the requirements are rarely obvious, so we need to use teamwork for ‘threat assessment’ to 'think outside the box'. A popular approach is to use a game format, with prompt cards, such as Adam Shostack’s Elevation of Privilege, Tamara Denning’s Threat Discovery Cards, and Nick Merrill’s Adversary Personas. In this workshop you’ll try playing them, and see how each one works for you.

The workshop is suitable for any ACCU delegate. You will learn a vital technique for secure software, threat assessment; you’ll learn how to run a card-based threat assessment session; and we as a community will all learn about the merits of the different card games.

image

Charles Weir

Dr Charles Weir has thirty years of experience as a researcher, software architect, design consultant and company MD, specialising in applications for terminals and mobile devices. He was technical lead for the world’s first smartphone, the Ericsson R380; and was app security lead for the world’s first Android payments app, EE Cash on Tap.

Charles is researching at Security Lancaster how to help improve the security and privacy of the software systems we create.

image

Lucy Hunt

Lucy Hunt is an IT consultant, software engineer and business analyst with over 20 years in industry and two years as an IT volunteer with VSO Nepal. In 2018 she completed her MSc in Cyber Security at Lancaster University, and is now in the third year of a PhD researching whistleblowing in software engineering.





Your Privacy

By clicking "Accept Non-Essential Cookies" you agree ACCU can store non-essential cookies on your device and disclose information in accordance with our Privacy Policy and Cookie Policy.

Current Setting: Non-Essential Cookies REJECTED


By clicking "Include Third Party Content" you agree ACCU can forward your IP address to third-party sites (such as YouTube) to enhance the information presented on this site, and that third-party sites may store cookies on your device.

Current Setting: Third Party Content EXCLUDED



Settings can be changed at any time from the Cookie Policy page.