John Cusimano of Exide presented the following session during ISA Automation Week 2011 in Mobile, AL.

Threat Modeling is a technique that has long been used by software developers to assess the security risks in their code. It is a significant part of the Microsoft Security Development Life Cycle. Threat Modeling can also be applied to systems and can be a very good tool for assessing the security of industrial control system. It provides a systematic approach to identifying, classifying and quantifying the amount of risk presented by each evaluated threat. This presentation will describe the threat modeling process and explain how it can be applied to an industrial control system. Real world examples will be used to help demonstrate how this can be applied.

For additional information, visit the ISA Interchange website:

http://automation.isa.org/2011/11/assessing-the-security-of-ics-systems-using-threat-modeling/