Confirmed users
133
edits
Security/Automation/WinterOfSecurity2014: Difference between revisions
Jump to navigation
Jump to search
Security/Automation/WinterOfSecurity2014 (view source)
Revision as of 14:10, 7 April 2014
, 7 April 2014→A playful way of teaching risk management to individuals
| Line 61: | Line 61: | ||
* language: english | * language: english | ||
Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla. | Risk management methodologies are numerous, but often regarded by individuals outside of the security community as dull and boring. The goal of this project is to design a way to teach the Mozilla Risk Management program to individuals at Mozilla. This could take the form of a strategy game, or anything that the students think is appropriate. This project has a strong component of creativity, but must also take into account some of the particularities of Mozilla: people are technically minded, work remotely often on video, and care a lot about security and privacy. A successful training program should teach the individual the entire lifecycle of data at Mozilla. | ||
==== An online threat modelling tool ==== | |||
* mentor: TBD | |||
* difficulty: medium | |||
* language: english | |||
Threat modelling is an important part of designing an application, and a threat model diagram is a very useful way to document the threats that apply to your application. | |||
Unfortunately there are a very limited number of thread modelling tools available, and most of those are restricted to specific platforms. | |||
This project is to create an online HTML5 application which will allow the user to easily create threat model diagrams online. | |||
It should be very easy to use, and allow the diagrams to be exported in the most common image formats. | |||
The graphical elements of the [https://www.microsoft.com/security/sdl/adopt/threatmodeling.aspx Microsoft Threat Modeling tool] are a good example of the type of functionality required. | |||