
Prof. ir. Christophe Huygens

Christophe is a consultant, an academic and an entrepreneur. He teaches Internet Security at K.U. Leuven. His research interests include methods and metrics for quantification of policy compliance, assurance processes, policy enforcement and assurance strategies, and security of sensor networks.

He co-founded Ubizen and served as its CTO.

As a consultant, Christophe helps clients with operational risk management as well as security and large-scale monitoring problems.


description

Software security: business risk

Learning objectives

Understand

  • how application development risk relates to operational risk
  • why secure application development risks get little attention
  • risk indicators and security metrics
  • value of our assets by looking at black market economics


Overview

Secure application development is not a stand-alone activity: it relates to other activities in the field of security, ICT and our business objectives. In this section we zip through this business ecosystem.

We look at risk as an integral part of doing business: what are the various dimensions of risk, how can we handle them, and how important is development risk in this overall picture? Zooming in on this may clarify why development risks have received little attention.

Next we look at how to quantify some of the risks involved, with examples from the financial industry. We then try to measure security for ICT systems and present the metrics approach by looking at some metrics for secure application development. The talk reports on recent research findings and trends in this field.

Then we move to the perspective of our adversary: how much money can be made by exploiting software? How much is my personal financial data worth on the black market? This gives some idea of the resources our adversary has available.

Partners:

Solvay Brussels School of Economics and Management, Katholieke Universiteit Leuven

Affiliated organizations:

OWASP, NESSoS, STREWS

Contents of the secappdev.org website are licensed under a Creative Commons Attribution-NonCommercial 3.0 License.