Threat Modeling
From Responsible Data Wiki
What is threat modeling?
Threat modeling is a process by which we objectively analyze our scenario and name the threats we are able to see in order to develop a dynamic model specific to that situation that informs our ability to take risks.
Information Methodology
- What is it that you have that you want to protect?
- Who is trying to acquire what you are protecting?
- What are the consequences if that thing is taken?
- What are the foreseeable barriers that would prevent you from implementing any solution in your threat model?
- What strategies do we have in place for unforeseen threats?
- What recourse do you have in the event of an attack?
Physical Methodology
- What would provoke an attack?
- Who would attack?
- How would they attack?
- What recourse do you have in the event of an attack?
Wish List
- Gaining access to security specialists who can advise on what is already known.
- A model to bootstrap participants in a safe and discreet way before threat modeling.
- A more comprehensive framework for threat modeling that is developed by consensus and contains up to date practices addressing both informational and physical threats.