In this workshop, participants will conduct a Cybersecurity Threat and Risk Assessment on an example application. It will begin with an explanation of the Threat and Risk Assessment: what it is, its purpose, benefits, inputs and outputs, and the importance of having supporting governance and processes.

Participants will learn 

• Where Threat and Risk Assessment fits in the software/solution development and delivery life cycle
• What information is required 
• Which stakeholders should be engaged at each stage 
• How building-in cyber security controls throughout development vs. adding it on:
  • increases the effectiveness of the controls, and
  • reduces costs associated with latent redesign, redevelopment and potentially re-deployment.

As the group carries out the Threat Risk Assessment exercise, considerations such as the role of business analyst, potential challenges along the way, and the importance of frequent and transparent collaboration will be woven throughout the session.

What Attendees Will Learn:

• Understand what a solution-level cybersecurity risk assessment is
• Understand how cybersecurity is built into solutions, not bolted on
• Understand which inputs are required and which stakeholders to engage
• Understand how risks can be mitigated, and residual risks managed
• Be able to facilitate or contribute to a Threat and Risk Assessment