Three Ways to Discover Technical Security Requirements?
Learn how to identify security requirements with your project team!
In this interactive workshop you’ll play two or more tried-and-tested card games on a case study project. They’ll help you to find various kinds of security issue and explore how important they are.
Almost every software product and service nowadays has security and privacy concerns, so it’s vital that we know how to identify possible security requirements. But the requirements are rarely obvious, so we need to use teamwork for ‘threat assessment’ to ‘think outside the box’. A popular approach is to use a game format, with prompt cards, such as Adam Shostack’s Elevation of Privilege, Tamara Denning’s Threat Discovery Cards, and Nick Merrill’s Adversary Personas. In this workshop you’ll try playing them, and see how each one works for you.
The workshop is suitable for any ACCU delegate. You will learn a vital technique for secure software, threat assessment; you’ll learn how to run a card-based threat assessment session; and we as a community will all learn about the merits of the different card games.
Dr Charles Weir has thirty years of experience as a researcher, software architect, design consultant and company MD, specialising in applications for terminals and mobile devices. He was technical lead for the world’s first smartphone, the Ericsson R380, and was app security lead for the world’s first Android payments app, EE Cash on Tap.
At Security Lancaster, Charles is researching how to help improve the security and privacy of the software systems we create.
Lucy Hunt is an IT consultant, software engineer and business analyst with over 20 years in industry and two years as an IT volunteer with VSO Nepal. In 2018 she completed her MSc in Cyber Security at Lancaster University, and is now in the third year of a PhD researching whistleblowing in software engineering.