From Attacks To Action – Building a Usable Threat Model To Drive Defensive Choices

Thursday, August 21, 2014

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

From Attacks To Action – Building a Usable Threat Model To Drive Defensive Choices by Tony Sager
Critical Security Controls Close the Threat Gap

By any historical standard, it would be fair to call today the "Golden Age Of Threat". As defenders, never before in our history have we known so much about Bad Guys, vulnerabilities, attacks, incidents, tradecraft, exploitation, etc. But the sharing of threat intelligence is not a miracle cure – it's just the means to an end. We need to translate this information into specific and scalable defensive actions that will prevent and manage these attacks in the first place.

In this webcast, we'll describe how the non-profit Council on CyberSecurity takes community approach to this problem, working with numerous companies and individuals who analyze attacks and adversaries for a living, and then translating that knowledge into defensive actions that are captured in the Critical Security Controls. We'll describe how this has evolved from an informal consensus among trusted friends to a more managed community workflow that directly maps from numerous authoritative threat and incident sources (starting with the Verizon Data Breach Investigation Report of 2013). We also discuss how such an approach naturally synchronizes with various Risk Management Frameworks, including the Executive Order Cybersecurity Framework from NIST.

This approach gives you value from information you don't have time to read, experts you'll never meet, insight you can't develop alone, and most importantly a translation to action that you must have in order to survive. As long as the Bad Guys are beating up on us, we might as well learn something from it.

Brought to you by:



Tony Sager

Tony Sager

Tony Sager is the Chief Technologist and a founding member of the Council on CyberSecurity - an independent, international, non-profit organization whose mission is to identify, validate, and sustain best practices in cybersecurity, including the by people, in the application of technology, and in the use of policy. He leads the development of the Critical Security Controls, a world-wide volunteer consensus activity to find and support technical practices that stop the vast majority of attacks seen today. Tony also serves as the Director of the SANS Innovation Center, a subsidiary of The SANS Institute. Tony retired from the National Security Agency in June 2012 after 34 years as an Information Assurance professional. He created and led the organizations was responsible for some of NSA's most important advancements in cyber defense. He started his career as a Communications Security (COMSEC) Intern Program, and worked as a cryptographer and a software vulnerability analyst.

Sponsor Presenter:

Dwayne Melançon

Dwayne Melançon

Dwayne Melançon is Tripwire's Chief Technology Officer, where he owns a critical role in driving and evangelizing the company's global overall product strategy. He brings over 25 years of security software experience, and is responsible for leading the company's long term product strategy to meet the evolving data security needs of global enterprises.

Melançon joined Tripwire in 2000 and most recently served as Vice President of Products for Tripwire. He has spearheaded numerous initiatives during his tenure, including executive responsibility for business development, professional services and support, information systems and marketing. Prior to joining Tripwire, Melançon held leadership roles at DirectWeb, Inc., Symantec Corporation and Fifth Generation Systems, Inc. He is certified on both IT management and audit processes, holding both ITIL and CISA certifications, and is a frequent speaker at national and regional industry events.

Sustaining Partners