Cybersecurity: Risk Analysis and Mitigation with Model-Based Design

This 4-part webinar series will demonstrate a workflow that manages security risks efficiently and consistently starting with fundamentals of Model-Based Design in the context of security risk analysis, followed by asset and threat identification, feasibility estimation and severity assessment. It integrates safety data from analyses such as FHA and FMEA, defines countermeasures, allocates goals, and calculates residual risk. Attendees will also learn about verification and validation of security goals and performing change analysis to track design changes while keeping risk data consistent.  

Highlights

• Fundamentals of Model-Based Design in the context of security risk analysis 
• Asset and threat identification (STRIDE method) 
• Feasibility estimation (attack potential method) 
• Severity assessment (attack simulation method) 
• Integration with safety data from analyses such as FHA and FMEA 
• Countermeasure definition, goal allocation, and residual risk calculation 
• Verification and validation of security goals 
• Change analysis to track design changes and keeping risk data consistent 

About the Presenters

Marco Bimbi is a Principal Application Engineer focusing on Model Based Systems Engineering workflows for safety critical applications. Marco joined MathWorks in 2022. Before joining The MathWorks, he has worked for 10+ years in aerospace as well as rails industries such as Rolls-Royce and Deutsche Bahn focusing on Systems Engineering workflows for safety critical applications. During his career he held various roles such as Control Systems Architect, Model Based Systems Engineering Specialist and Requirements Manager. At MathWorks Marco helps customers to leverage MathWorks toolchain, including System Composer, for their Systems Engineering workflow. Moreover, Marco provides industry insight to the MathWorks development team to drive future product capabilities

Martin Becker is a Principal Application Engineer at The MathWorks and an independent security researcher. He received his Ph.D. in software verification from Technical University of Munich for his work on real-time computer systems, and has 20 years of experience in embedded systems, amongst others working as avionics engineer at Airbus Defense & Space, Research Engineer at Tata Consultancy Services, and Lecturer at Singapore Institute of Technology. In his daily work, he supports customers from all industries in the efficient development of safety-critical software and certification according to industrial standards, accompanies the development of innovative verification tools, and uses them himself as an ethical hacker in the field of FOSS software.