Threat Modeling

From Responsible Data Wiki
Revision as of 21:09, 8 April 2015 by Simonesalvo (Talk | contribs)


What is threat modeling?

Threat modeling is a process by which we objectively analyze our scenario and name the threats we are able to see. The aim is to develop a dynamic model, specific to that situation, that informs our ability to take risks.


Information Methodology

· What is it that you have that you want to protect?
· Who is trying to acquire what you are protecting?
· What are the consequences if that is taken?
· What are the foreseeable barriers that would prevent you from implementing any solution in your threat model?
· What strategies do we have in place for unforeseen threats?
· What recourse do you have in the event of an attack?

Physical Methodology

· What would provoke an attack?
· Who would attack?
· How would they attack?
· What recourse do you have in the event of an attack?

Wish List

· Gaining access to security specialists who can advise on what is already known.
· A model to bootstrap participants in a safe and discreet way before threat modeling.
· A more comprehensive framework for threat modeling that is developed by consensus and contains up-to-date practices addressing both informational and physical threats.

· A process by which we objectively analyze our scenario and name the visible threats, in order to develop a dynamic model specific to that situation, informing our ability to take risks…
· Gaining access to security specialists who can advise on known threats.
· A model to bootstrap participants in a safe and discreet way before threat modeling.
· A more comprehensive framework for modeling that is:
  o Developed by consensus
  o Containing up-to-date practices
  o Addressing hidden information and physical threats