How to Build Cyber Threat Assessment Models for Physical Security
Terry Gold, Principal Analyst, D6 Research
Hackers are learning that targeting physical security to compromise digital assets can make their attacks much more effective. As physical security infrastructure undergoes significant evolution to look more like that of IT; ranging from remote connectivity, to services over connected devices, and the collection of sensory attributes for great intelligence, the attack surface of opportunity expands. It also gets more complex to effectively secure and common practice models that have been evangelized as part of longstanding training and certifications are no longer effective. This session will revisit how security practitioners can confront the transformation of physical security practices to those of cyber security best practices – but applied in the appropriate context. The majority of the session will focus on re-engineering how organizations classify assets, assign risk, and the actions taken by using a threat model. As opposed to a workspace to technology stack method, threat models study attack, severity and impact around various classes of assets to correlate specific risks to purposely executed controls.