San Francisco, California
London, United Kingdom
OWASP MSP and ISSA MN
Invite you to an evening of discussion, a game event, prizes, food and drink (food and drink are provided).
We will start with a discussion about Security Metaphors moderated by Josh More. The discussion is followed by an "Elevation of Privilege" mini-tourney.
Date: Wednesday, October 17th, 2012
5:30 PM Room opens for networking and CPE signup
6:00 PM Welcome and Discussion:
6:45 PM Elevation of Privilege
9:45 PM Wrap-up Game (if not earlier) and
SPACE IS LIMITED!!!
Discussion: SECURITY METAPHORS
Abstract: For years, we've been hearing that "IT" and not "Security" don't
"speak the language business". However, while there is a lot of
information out there on how what "business people" like, there is
little on how to actually talk to them. Josh More is looking to
change this by identifying common metaphors in use within Security and
how they fail, then determining a method of uncovering the metaphors
that people use so. By using people's own metaphors when communicating
with them, we can shortcut many of the miscommunication issues that
occur, spend less time arguing and more time working together.
GAME EVENT - Elevation of Privilege (EoP)
EoP was designed as an educational tool by Microsoft to teach Threat Modeling.
We will provide you a sample application to play against. You will be arranged at various tables and playing individually. We will preview the rules prior to play. Prizes will be awarded to the winners.
*You must be registered for the event to attend.
Please contact Lorna at firstname.lastname@example.org or 651-338-0243 if you would like to sponsor a meeting or meeting location for an upcoming OWASP MSP meeting.
When & Where
OWASP - MSP Chapter
The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security. We advocate approaching application security as a people, process, and technology problem because the most effective approaches to application security include improvements in all of these areas. Learn more at OWASP MSP