abstract

Author: Goran Obradović, M.Sc.
Director of Technology
Chief Information Security Officer
Dominion Voting Systems Corporation
Toronto, Canada
goran@dvscorp.com


Topic: Threat Modeling and Data Sensitivity Classification for Information Security Risk Analysis. Secure Electronic Voting Systems – Case Study

Abstract: Modern information systems require sophisticated security mechanisms for protection from internal
and external threats. Before any decision is made on which security strategy should be used to protect
information assets or system infrastructure, a thorough risk analysis must be performed. Data
sensitivity classification and threat modeling are two of the fundamental prerequisite steps for
quantitative risk analysis, which in turn provides the security basis of the requirements engineering
process. In most cases, blindly applying security patterns, or solutions that have already been
extensively used in practice, without performing data sensitivity and threat analysis does not provide
adequate protection within the specific context.
This presentation emphasizes the above-mentioned security processes from a theoretical point of
view, as well as through a practical case study related to electronic voting systems, and in particular