Governance & Risk Management , Insider Threat , Next-Generation Technologies & Secure Development

Threat Modeling for Social Issues

Adam Shostack on the Importance of Tabletop Exercises
Adam Shostack, president, Shostack & Associates

Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist? If your software was being used to spread plans for a riot, could you detect that? Threat modeling expert Adam Shostack discusses how companies should be prepared to respond to issues in the news.

See Also: A CISO's Guide to Adversary Alignment

Shostack stresses the importance of running a “tabletop exercise” for incident response. “The thing that I see failing when people do a tabletop exercise is they fail to bring the responsible parties into the exercise,” he adds.

In a video interview with Information Security Media Group, Shostack discusses:

  • How to develop a threat model for social issues;
  • Building an incident response plan to mitigate the spread of disinformation;
  • Incident planning and response advice for security leaders in 2021.

Shostack is president of Shostack & Associates, a specialized security consultancy offering threat modeling, security engineering and risk management. He's a member of the BlackHat Review Board and helped create the CVE, Common Vulnerabilities and Exposures. While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game.


About the Author

Anna Delaney

Anna Delaney

Director, ISMG Productions

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.