PRESENTATION: Key Attribute and Risk Management and Analysis (KARMA)
PRESENTER(S): Daniel Miessler, Director of Advisory Services for IOActive
CONFERENCE:
LOCATION: Marriott Courtyard, Boston, MA, US
DATE & TIME: May 19, 2016 at 2:10PM
Key Attribute and Risk Management and Analysis (KARMA) is a method for rating a system’s ability to avoid negative outcomes based on a limited number of key attributes. The system leverages subject matter expert (SME) knowledge of the particular system being rated, and its goal is to find the attributes that best predict negative outcomes in the real world.
Analogs exist already in industries such as Healthcare, Insurance, and Finance. In these fields it’s possible to gather information about a relatively small number of things regarding a system/person/situation, and then make informed decisions about how likely the subject is to have an undesirable outcome (e.g. premature death, insurance payout, or loan default).
The goal of the KARMA system is to do the same for information security as it pertains to other types of systems. These include security program components, such as vulnerability management and insider threats, as well as system components, such as applications, operating systems, etc.
This talk will provide an overview of how KARMA can be used to gain a more accurate view of real-world risk (i.e. knowing your actual attacker-based risk, instead of your compliance with arbitrary standards).
About Daniel Miessler
Daniel Miessler is Director of Advisory Services with IOActive where he is focused on leveraging IOActive’s pedigree in testing and research to help customers measure, rate, and improve the effectiveness of their strategic security programs. Daniel has 15 years of experience in information security with a focus on web, mobile, and Internet of Things (IoT) and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects.
About SOURCE Boston 2016
At SOURCE, we pride ourselves on having some of the best speakers in the world speak at our conferences. But we’re about so much more than just great talks. We are one of the only conferences that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###