Good Afternoon Dear SIRAnauts,
As all of us are probably aware, the situation around COVID-19 (Coronavirus) is changing. We are seeing accelerating spread in the US and worldwide, companies are putting employees on travel lockdowns, conferences and meetings are getting canceled. In the past week, the SIRA board has received several questions about SIRAcon `20, which is scheduled to take place in seven weeks. We wanted to update you on the current status without delay. We are continuing to monitor the situation, but it appears unlikely that SIRAcon will proceed as planned.
We will be working with the venue, our sponsors, speakers, and the community to assess alternatives. Those discussions have not yet begun and we do not yet know what options we have. Our expectation and hope is that SIRAcon `20 will be postponed to a future date. For now, our primary concern is of course the health and welfare of our community, even if this change could threaten the solvency of SIRA and negatively affect the info risk analysis community.
If you were about to book travel to Tampa for SIRAcon, we recommend you hold off for now. We expect to know much more in the next two weeks, and we have plans to meet with our venue this week to see what options we have for rescheduling. If you've already registered for SIRAcon, worry not—we will do everything we can to meet your wishes. But for now, we ask you to hold fast until we can provide further updates.
Join Rockie Brockway, Practice Lead, Office of the CSO at TrustedSec for a unique discussion of 10 Things I Hate About TCAP
Well, maybe not ten, but ... Practitioners of the quantitative risk framework Factor Analysis of Information Risk (FAIR) will already be familiar with the Threat Capability (TCAP) variable. I've historically been frustrated determining whether a threat-actor is in the upper 2% of the threat community, in the 85th percentile of the threat community continuum, or even some blend of such rating systems. Yet, even when one lands on a final TCAP rating, the FAIR framework is missing crucial threat-actor variables that should contribute to the final risk derivations, including actor motivation and attack complexity. Relatively recent research and resources, such as the MITRE ATT&CK framework, provide additional insight into many of today's known, active threat-actor groups, and the techniques they use, that can be used to further define the TCAP variable.
Go to registration page below for full description.