A key part of protecting the systems we use is knowing the specific threats they face. Many of these may seem obvious, but knowing which systems are vulnerable to which threats is a key part of making sure our protection efforts are effective and efficient. None of us has enough resources to do everything, so we must focus on the defenses that protect us from the most important threats we face.
The practice of threat modeling is a key part of doing this. It allows us to find the most likely and most important threats our systems face. These findings can then be ranked, so we can focus on the most important risks first.
This class will help you understand what to do to find the threats and then look at the ways to properly mitigate the most important ones. Knowing the terminology and processes will provide a basis for understanding how to effectively use threat modeling. Hands-on exercises will be used throughout the class to reinforce the material and to enhance the research skills needed to find the top threats and the best ways to mitigate them with the resources we have.
Class participation will be encouraged whenever possible and each of you can be as active as you wish in the learning process. Learning from peers will also be an important part of the course. Class discussions will follow many activities to give everyone a chance to draw out new insights and reinforce specific points.
Topics will include:
Example systems will be provided in the class, but feel free to bring any system you want to work on if you can do so without compromising any sensitive details. The idea will be to put the concepts into practice on real-world systems or ones that look like them.
Needed during the class: