[cabf_netsec] Threat Modeling meeting - 01.10.2020

Mariusz Kondratowicz mkondratowicz at opera.com
Thu Oct 1 11:13:46 MST 2020


Hi,

We would like to share with you meeting notes from our meeting.

The primary topic we discussed in today’s meeting was improvements to our
current process.


   -

   Schedule the list of priorities from NetSec
   -

   Last 10 minutes of every meeting to summarize what we discussed
   (conclusions)
   -

   Write in the narrative form with more context
   -

   Output should contain:
   -

      Our observations
      -

      Our thoughts
      -

      Conclusions
      -

      Key points
      -

      Recommendations
      -

   Send our notes in form of an email instead of Google Docs
   -

   Add “Today on Threat Modeling we discussed rules around X” (with context
   and scenarios)
   -

   Where should the topics come from?
   -

      Analyse wording in NSRs to find gaps
      -

      Clarifying the intent of NSRs
      -

      Looking into changes which were proposed
      -

      Building guidelines and explanations for NSRs (and show when the NSRs
      are not perfect)
      -

   Objectives:
   -

      Stimulation of people thoughts about
      -

      Get feedback about what we did
      -

   Brainstorming about good and wrong things
   -

   Attacker model could be also analysed
   -

   Form of notes
   -

      Questions which we discussed
      -

      Show our concerns
      -

   During the Threat Modeling group we can focus on creating a new section
   “risk analysis” below the “purpose” section in every Ballot


If you have any suggestions what else we can, please let us know.

Also, if you would like to join us next time, you can find link to Webex on
Wiki:
https://wiki.cabforum.org/teleconference_numbers#threat_modeling_subgroup

Best regards,

Mariusz Jacek Kondratowicz | Information Security Manager

[image: Opera]

The information in this email and any attachments is CONFIDENTIAL
INFORMATION and is solely for the attention of the intended recipient. If
you are not the intended recipient, then you have received this message in
error and therefore reading it, copying it, or in any way disclosing its
content to any other person is unauthorized. If you have received this
message in error, please notify the sender by reply email and then
immediately delete this email (including any attachments).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/netsec/attachments/20201001/7e2039a9/attachment.html>


More information about the Netsec mailing list