Home
overview

In this workshop, you’ll learn what threat modelling is, how it works and how to apply it to systems and applications within the Energy sector. You’ll use real-world, hands-on exercise to apply your new skills directly.

Workshop Leader –

Sebastien Deleersnyder - CEO

About the workshop leader -

As security project leader and information security officer for multiple customers I have built up extensive experience in Information Security related disciplines, both at strategic and tactical level. I specialize in Application Security, combining both my software development and information security experience. In the last 10 years I have performed several successful secure development lifecycle projects in the financial and utility sector, started up software security groups, supported customers in selecting and implementing Web Application Firewalls (WAF), delivered web application security training and closed a lot of audit findings regarding application security :-). I started the Belgian OWASP Chapter Leader, was a member of the OWASP Foundation Board and performed several public presentations on Web Application and Web Services Security. I also co-organized the yearly security & hacker BruCON conference and trainings in Belgium. I have achieved CISSP, CISM, CISA and Prince2 Practitioners certification.
 

- Learn to consider, document, and discuss the security implications of designs at the component or application level.
- Formally answer the question: why do we have/need these security controls?
- Learn a new, structured way of doing risk analyses
- Translate what you need from a technical security point to management level discussions

Workshop programme

8:30 Registration & Coffee

9:00 Workshop Leaders Opening Remarks

Sebastien Deleersnyder

Sebastien Deleersnyder, CEO, Toreon CVBA
View Bio

9:10 Introduction, diagrams

Sebastien Deleersnyder

Sebastien Deleersnyder, CEO, Toreon CVBA
View Bio

Threat modeling introduction
• What is threat modeling?
• Why perform threat modeling?
• Threat modeling stages
• Diagrams
• Identify threats
• Addressing threats
• Document a threat model
Diagrams – what are you building?
• Understanding context
• Doomsday scenarios
• Data flow diagrams
• Trust Boundaries
• Hands-on: diagram basic SCADA environment for process control
 

11:00 Morning Coffee

11:30 Identifying threats – what can go wrong?

Sebastien Deleersnyder

Sebastien Deleersnyder, CEO, Toreon CVBA
View Bio

• STRIDE introduction
• Spoofing threats
• Tampering threats
• Repudiation threats
• Information disclosure threats
• Denial of service threats
• Elevation of privilege threats
• Attack trees
• Hands-on: STRIDE analysis of an Internet of Things (IoT) deployment with an on-premise gateway and secure update service
 

13:00 Networking Lunch

14:00 Addressing Threats

Sebastien Deleersnyder

Sebastien Deleersnyder, CEO, Toreon CVBA
View Bio

• Mitigation patterns
• Authentication: mitigating spoofing
• Integrity: mitigating tampering
• Non-repudiation: mitigating repudiation
• Confidentiality: mitigating information disclosure
• Availability: mitigating denial of service
• Authorization: mitigating elevation of privilege
• Classroom exercise: threat mitigations for industrial applications

15:30 Afternoon Tea

16:00 Hands on exercise - mitigation

Sebastien Deleersnyder

Sebastien Deleersnyder, CEO, Toreon CVBA
View Bio

Attack libraries
• Attack libraries
• CAPEC
• OWASP Top 10
• SANS Top 20 ICS attacks
• Other lists
• Create your own checklist
• Classroom exercise: mapping SANS Top 20 attacks to STRIDE
Practical threat modeling
• Typical steps
• Validation threat models
• Effective threat model workshops
• Communicating threat models
• Updating threat models
Threat modeling resources
• Open-Source tools
• Commercial tools
• General tools

17:30 Workshop leaders closing remarks

+

VENUE

Copthorne Tara Hotel

Scarsdale Place, Kensington, London, United Kingdom

The Copthorne Tara Hotel London Kensington is an elegant contemporary four-star hotel in prestigious Kensington, located just a two minutes walk from High Street Kensington underground station, making exploring easy. The hotel offers well-appointed and comfortable guest rooms combining Standard, Superior and Club accommodation. Club rooms offer iconic views over the city and include Club Lounge access for complimentary breakfast and refreshments. Guests can sample the authentic Singaporean, Malaysian and Chinese cuisine at Bugis Street, traditional pub fare at the Brasserie Restaurant & Bar or relax with a delicious drink at West8 Cocktail Lounge & Bar.

The Copthorne Tara Hotel boasts 745 square meters of flexible meeting space, consisting of the Shannon Suite and the Liffey Suite, ideal for hosting conferences, weddings and social events. Facilities include access to the business centre 24 hours a day, fully equipped fitness room, gift shop, theatre desk and Bureau de Change. With ample onsite parking outside the London congestion charge zone and excellent transport links via Heathrow Airport, the hotel is the perfect location for business or leisure stays. The hotel is within close proximity to the shops of High Street Kensington, Knightsbridge and Westfield London, Olympia Conference Centre, Royal Albert Hall, Kensington Palace and Hyde Park.

 

HOTEL BOOKING FORM

SAVE TO


Outlook Calendar  OUTLOOK CALENDAR
Google Calendar  GOOGLE CALENDAR
ICal Calendar  ICAL CALENDAR
Yahoo! Calendar  YAHOO! CALENDAR

Copthorne Tara Hotel

Scarsdale Place
Kensington
London W8 5SR
United Kingdom

Copthorne Tara Hotel

The Copthorne Tara Hotel London Kensington is an elegant contemporary four-star hotel in prestigious Kensington, located just a two minutes walk from High Street Kensington underground station, making exploring easy. The hotel offers well-appointed and comfortable guest rooms combining Standard, Superior and Club accommodation. Club rooms offer iconic views over the city and include Club Lounge access for complimentary breakfast and refreshments. Guests can sample the authentic Singaporean, Malaysian and Chinese cuisine at Bugis Street, traditional pub fare at the Brasserie Restaurant & Bar or relax with a delicious drink at West8 Cocktail Lounge & Bar.

The Copthorne Tara Hotel boasts 745 square meters of flexible meeting space, consisting of the Shannon Suite and the Liffey Suite, ideal for hosting conferences, weddings and social events. Facilities include access to the business centre 24 hours a day, fully equipped fitness room, gift shop, theatre desk and Bureau de Change. With ample onsite parking outside the London congestion charge zone and excellent transport links via Heathrow Airport, the hotel is the perfect location for business or leisure stays. The hotel is within close proximity to the shops of High Street Kensington, Knightsbridge and Westfield London, Olympia Conference Centre, Royal Albert Hall, Kensington Palace and Hyde Park.

 

HOTEL BOOKING FORM

Title

SubTitle
speaker image

Content


Title


Description

Download


WHAT IS CPD?

CPD stands for Continuing Professional Development’. It is essentially a philosophy, which maintains that in order to be effective, learning should be organised and structured. The most common definition is:

‘A commitment to structured skills and knowledge enhancement for Personal or Professional competence’

CPD is a common requirement of individual membership with professional bodies and Institutes. Increasingly, employers also expect their staff to undertake regular CPD activities.

Undertaken over a period of time, CPD ensures that educational qualifications do not become obsolete, and allows for best practice and professional standards to be upheld.

CPD can be undertaken through a variety of learning activities including instructor led training courses, seminars and conferences, e:learning modules or structured reading.

CPD AND PROFESSIONAL INSTITUTES

There are approximately 470 institutes in the UK across all industry sectors, with a collective membership of circa 4 million professionals, and they all expect their members to undertake CPD.

For some institutes undertaking CPD is mandatory e.g. accountancy and law, and linked to a licence to practice, for others it’s obligatory. By ensuring that their members undertake CPD, the professional bodies seek to ensure that professional standards, legislative awareness and ethical practices are maintained.

CPD Schemes often run over the period of a year and the institutes generally provide online tools for their members to record and reflect on their CPD activities.

TYPICAL CPD SCHEMES AND RECORDING OF CPD (CPD points and hours)

Professional bodies and Institutes CPD schemes are either structured as ‘Input’ or ‘Output’ based.

‘Input’ based schemes list a precise number of CPD hours that individuals must achieve within a given time period. These schemes can also use different ‘currencies’ such as points, merits, units or credits, where an individual must accumulate the number required. These currencies are usually based on time i.e. 1 CPD point = 1 hour of learning.

‘Output’ based schemes are learner centred. They require individuals to set learning goals that align to professional competencies, or personal development objectives. These schemes also list different ways to achieve the learning goals e.g. training courses, seminars or e:learning, which enables an individual to complete their CPD through their preferred mode of learning.

The majority of Input and Output based schemes actively encourage individuals to seek appropriate CPD activities independently.

As a formal provider of CPD certified activities, SMI Group can provide an indication of the learning benefit gained and the typical completion. However, it is ultimately the responsibility of the delegate to evaluate their learning, and record it correctly in line with their professional body’s or employers requirements.

GLOBAL CPD

Increasingly, international and emerging markets are ‘professionalising’ their workforces and looking to the UK to benchmark educational standards. The undertaking of CPD is now increasingly expected of any individual employed within today’s global marketplace.

CPD Certificates

We can provide a certificate for all our accredited events. To request a CPD certificate for a conference , workshop, master classes you have attended please email events@smi-online.co.uk

Event Title

Headline

Text
Read More

I would like to speak at an event

I would like to attend an event

I would like to sponsor/exhibit at an event

SIGN UP OR LOGIN

Sign up
Forgotten Password?

Contact SMi GROUP LTD

UK Office
Opening Hours: 9.00 - 17.30 (local time)
SMi Group Ltd, 1 Westminster Bridge Road, London, SE1 7XW, United Kingdom
Tel: +44 (0) 20 7827 6000 Fax: +44 (0) 20 7827 6001
Website: http://www.smi-online.co.uk Email: events@smi-online.co.uk
Registered in England No: 3779287 VAT No: GB 976 2951 71




Forgotten Password

Please enter the email address you registered with. We will email you a new password.

Thank you for visiting our event

If you would like to receive further information about our events, please fill out the information below.

By ticking above you are consenting to receive information by email from SMi.
Full details of our privacy policy can be found here https://www.smi-online.co.uk/privacy-legals/privacy-policy/.
Should you wish to update your contact preferences at any time you can contact us at data@smi-online.co.uk.
Should you wish to be removed from any future mailing lists please click on the following link http://www.smi-online.co.uk/opt-out