Threat Modeling

From Responsible Data Wiki
Revision as of 20:12, 8 April 2015 by Simonesalvo (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

What is threat modeling?

Threat modeling is a process by which we objectively analyze our scenario and name the threats we are able to see in order to develop a dynamic model specific to that situation that informs our ability to take risks.

Information Methodology

  • What is it that you have that you want to protect?
  • Who is trying to acquire what you are protecting?
  • What are the consequences if that thing is taken?
  • What are the foreseeable barriers that would prevent you from implementing any solution in your threat model?
  • What strategies do we have in place for unforeseen threats?
  • What recourse do you have in the event of an attack?

Physical Methodology

  • What would provoke an attack?
  • Who would attack?
  • How would they attack?
  • What recourse do you have in the event of an attack?

Wish List

  • Gaining access to security specialists who can advise on what is already known.
  • A model to bootstrap participants in a safe and discreet way before threat modeling.
  • A more comprehensive framework for threat modeling that is developed by consensus and contains up to date practices addressing both informational and physical threats.