Wardley Maps for Security

View the original Working Session content

Description of session

This practical session on creating Wardley maps considered the following aspects of Wardley maps:

  • Shared and reviewed Wardley maps

    • Non-security specific
    • Across a number of different industries
    • Use-cases as examples of good mapping
  • High-level review of related articles to

    • Lay out processes or approaches to develop Wardley maps
    • Resources here
  • Analysed proposal for “map of security mapping”

    • Generated useful conversations
    • Sharing of insight in terms of
      • Positioning of elements on the map
      • Consensus -approach was appropriate and the elements relevant
      • See proposal
  • Presented a set of proposals on using Wardley Maps to capture security scenarios based on Cyber Essentials compliance, which covers:

    • Patch Management
    • User access control
    • Malware protection
    • Firewalls
    • Hardening/Secure Configuration.


  • Review and feedback on map of security mapping
  • Agreement on usefulness of maps for assessing particular parts of a security landscape
  • Following feedback received, the map was updated as follows:

Next steps

  • Update in the relevant section all the resources that were reviewed plus additional ones that were shared during the session
  • Add the security scenarios and use cases discussed in the meeting to an OSS template


See the session's presentation on Slideshare

Session organiser(s)

Mario Platt Mario Platt , Tony Richards Tony Richards


Ben Schofield Ben Schofield , Emma Fang Emma Fang , Florian Buetow Florian Buetow , Hwee Ching Neo Hwee Ching Neo , Jean-Jacques MOIROUX Jean-Jacques MOIROUX , Nick Drage Nick Drage , Phil Huggins Phil Huggins , Roger Comastorres Roger Comastorres , Simon Wardley Simon Wardley , Yan Kravchenko Yan Kravchenko Avi Douglen Avi Douglen , Konstantinos Damianakis Konstantinos Damianakis , Luis Servin Luis Servin , Vinod Anandan Vinod Anandan

Attached materials: