Loading…
The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
View analytic
Friday, January 25 • 11:45am - 12:35pm
Game On! Adding Privacy to Threat Modeling

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The Elevation of Privilege card game has been designed for threat modeling based on STRIDE threats, and has since become a widely-deployed tool for security and development teams. One of its many feats is to bridge the knowledge gap between development and security when analyzing a software system, allowing for a structured conversation with intensive knowledge sharing. This is achieved by leveraging elements of game design, allowing for reciprocity and better engagement. These feats make it an ideal candidate to help with other closely related areas where developers need to cooperate with departments like compliance, legal, or privacy. Specifically looking at privacy, due to its obvious relevance recently, this presentation will show an extension of the Elevation of Privilege card game that LogMeIn has adopted to meet its privacy by design requirements. It will show the research that helped define the cards of the suit and give a quick overview of the individual cards. By the end of the talk, practitioners will have a new toolset to include into their security and privacy processes. Furthermore interested listeners will hear methods on how to design extensions to already available games, allowing to incorporate topics they feel necessary for their work practices into fun exercises.

Speakers
avatar for Adam Shostack

Adam Shostack

President, Shostack & Associates
I'm an entrepreneur, technologist, author and game designer, focused on improving security outcomes for my customers and the industry as a whole. To solve these problems, I create a wide variety of companies and organizations, software, new analytic frameworks, as well as books, games... Read More →
avatar for Mark Vinkovits

Mark Vinkovits

Manager, AppSec, LogMeIn
Mark studied computer science and information security and did his PhD on usable and secure computing. He worked as software, security, and privacy engineer over the past decade, his current position being Mgr. of AppSec at LogMeIn. Since his research in user centered computing, he... Read More →



Friday January 25, 2019 11:45am - 12:35pm
Sand and Sea Room