Ooops, Now What? :: The Stolen Data Impact Model (SDIM)

DerbyCon 3.0 - All In The Family

Presented by: Brent Huston
Date: Friday September 27, 2013
Time: 13:00 - 13:50
Location: Track 3
Track: Teach Me

Description: “There are plenty of ways to analyze a breach. There are models for the recon, the break-in and the exfiltration. But, what if the attacker steals more than database dumps and customer records? How do you model what you just lost in terms of business, competitive advantage and potential damage to the infrastructure? Given today’s attacker focus on source code, methodologies, future state plans and architectures for infrastructure, we need a better way to model, analyze and communicate the impacts of what we lost.

Enter the Stolen Data Impact Model (SDIM) Project. Led by MSI Security Evangelist & CEO, Brent Huston, the SDIM is a work in progress to answer some of these questions. This talk will introduce the project, cover the goals and progress and leave the audience with more insights into how to understand and discuss what was stolen in information security compromises. Examples will be demonstrated and the framework for analysis will be explained. Takeaways will not only include better understanding of the SDIM, but also prepare the audience for using it and participating in its design and maturity.”

Brent Huston

Brent Huston is the Security Evangelist and CEO of MicroSolved, Inc. He spends a LOT of time breaking things, including the tools/techniques and actors of crime. When he is not focusing his energies on chaos & entropy, he sets his mind to the order side of the universe where he helps organizations create better security processes, policies and technologies. He is a well-recognized author, surfer, inventor, sailor, trickster, entrepreneur and international speaker. He has spent the last 20+ years dedicated to information security on a global scale. He likes honeypots, obscure vulnerabilities, a touch of code & a wealth of data. He also does a lot of things that start with the letter “s”. You can learn more about his professional background here: http://www.linkedin.com/in/lbhuston & follow him on Twitter (@lbhuston).

