A presentation at SnykCon by Daniel "phrawzty" Maher
Risk management is relatively new to the security industry, but in reality insurance teams, government, and finance have been using risk assessments to make decisions for years. In this talk we’ll demonstrate how to apply classical risk management concepts to modern DevOps practices. You’ll learn how to communicate across your organisation using a standard vocabulary to calculate risk at a service level, then see a demonstration of how to dynamically calculate and increase risk levels using Security Scores.
The following resources were mentioned during the presentation or are useful additional information.
This training shows how to walk through a risk assessment for an individual service using the Mozilla Rapid Risk Assessment Framework developed by Guillaume Destuynder and Julien Vehent.