Description of session
This practical session on creating Wardley maps considered the following aspects of Wardley maps:
Shared and reviewed Wardley maps
- Non-security specific
- Across a number of different industries
- Use-cases as examples of good mapping
High-level review of related articles to
- Lay out processes or approaches to develop Wardley maps
- Resources here
Analysed proposal for “map of security mapping”
- Generated useful conversations
- Sharing of insight in terms of
- Positioning of elements on the map
- Consensus -approach was appropriate and the elements relevant
- See proposal
Presented a set of proposals on using Wardley Maps to capture security scenarios based on Cyber Essentials compliance, which covers:
- Patch Management
- User access control
- Malware protection
- Firewalls
- Hardening/Secure Configuration.
Outcomes/Deliverables
- Review and feedback on map of security mapping
- Agreement on usefulness of maps for assessing particular parts of a security landscape
- Following feedback received, the map was updated as follows:
Next steps
- Update in the relevant section all the resources that were reviewed plus additional ones that were shared during the session
- Add the security scenarios and use cases discussed in the meeting to an OSS template
Resources
See the session’s presentation on Slideshare