Threat Modeling for Social Issues
Adam Shostack on the Importance of Tabletop Exercises
Does your organization have a plan in place if one of your employees is accused via Twitter of being an insurrectionist? If your software were being used to spread plans for a riot, could you detect that? Threat modeling expert Adam Shostack discusses how companies should be prepared to respond to issues in the news.
Shostack stresses the importance of running a “tabletop exercise” for incident response. “The thing that I see failing when people do a tabletop exercise is they fail to bring the responsible parties into the exercise,” he adds.
In a video interview with Information Security Media Group, Shostack discusses:
- How to develop a threat model for social issues;
- Building an incident response plan to mitigate the spread of disinformation;
- Incident planning and response advice for security leaders in 2021.
Shostack is president of Shostack & Associates, a specialized security consultancy offering threat modeling, security engineering and risk management. He's a member of the Black Hat Review Board and helped create CVE (Common Vulnerabilities and Exposures). While at Microsoft, he drove the Autorun fix into Windows Update, was the lead designer of the SDL Threat Modeling Tool v3 and created the "Elevation of Privilege" game.