We’re all building castles, but how well will they stand up under siege?
Assembling individual controls into a unified, secure architecture can seem daunting, but doesn’t have to be.
Infosec folks like to go on about Threat Modelling and Risk Assessment, but these count for nothing unless their outcome is an actually secure system design. In a world where budgets are constrained by time and resources, we can only implement a limited subset of possible security controls when building systems.
Using various historical fortifications as easy to understand real-world examples, this talk will show you how you can assemble security controls using a simple framework and criteria. This framework can be applied by anyone who designs, builds, evaluates, or attacks systems on any scale, from individual software components to enterprise architecture.
This framework will be illustrated by applying it to a simple example Django web application.