Turn Your Head And Cough - Why Architecture Risk Assessments Are Like Being A General Physician

Explore a conference talk that draws parallels between architecture risk assessments and the work of general physicians. Learn about the challenges and best practices in conducting security architecture evaluations, including dealing with assumptions, gathering information from various sources, and handling misinformation. Discover insights on improving outcomes, standardizing processes, and the future of security architecture, including the concept of a security architecture residency program. Gain valuable lessons from the medical field that can be applied to enhance the effectiveness of risk assessments in the realm of information security.

Introduction
General Assumptions
Analogy
Lessons Learned
Patient Interview
Malicious Lie
Secondary Sources Of Information
Accidental Lies
Art And Science
Patients Dont Listen
Improving Patient Outcomes
Publishing Case Studies
Standards
Security Architecture
Imperfect Information
Institutionalization
The Future
Security Architecture Residency
Sharing Findings
Enterprise Secret Sauce