Difference between revisions of "Threat modeling the quick and dirty way"
From Gender and Tech Resources
m (→Step 3. Reorder the list according to your set of priorities) |
m |
||
Line 1: | Line 1: | ||
− | |||
== Basic choreography == | == Basic choreography == | ||
Line 19: | Line 18: | ||
* If this is a learning experience or you are a fan of "only time for putting out fires" cultures, no need for ordering. | * If this is a learning experience or you are a fan of "only time for putting out fires" cultures, no need for ordering. | ||
* In a low risk environment (no immediate death threats) an "on demand" strategy works well. In this strategy you can use "low hanging fruit" and set up protection for items with a big impact and/or high likelihood of occurrence first. | * In a low risk environment (no immediate death threats) an "on demand" strategy works well. In this strategy you can use "low hanging fruit" and set up protection for items with a big impact and/or high likelihood of occurrence first. | ||
− | * In a high risk environment or if any of the items in the list of possible impacts reads " loss of life" or some life-altering experience or you have turned procrastination into an art, best choose an "anticipating strategy", meaning do more research and detailed scenario planning to find possible [[threats and solutions]] overlooked. | + | * In a high risk environment or if any of the items in the list of possible impacts reads " loss of life" or some life-altering experience or you have turned procrastination into an art, best choose an "anticipating strategy", meaning do more research and detailed scenario planning to find possible [[Digital threats, detection, protection and (counter) moves|threats and solutions]] overlooked. |
== Examples == | == Examples == | ||
Line 35: | Line 34: | ||
=== Blogging from egypt === | === Blogging from egypt === | ||
+ | |||
+ | == Related == | ||
+ | * [[Timeline masters of the internet]] | ||
+ | * [[Timeline merchants of death]] | ||
+ | * [[Digital threats, detection, protection and (counter) moves]] | ||
+ | * [[Protest threats, detection, protection and (counter) moves]] |
Revision as of 09:56, 6 June 2015
Contents
Basic choreography
Step 1. Set up a table
Threat | Likelihood | Impact | Protection |
---|---|---|---|
Walking into a tree | medium | Pain for a few days, but can still function, usually | **** |
The first column contains a short description of the threat, the second the likelihood of it occurring, the third what impact it would have if it did happen, and the fourth an assessment (grade) of the time and energy you would need to protect yourself from the threat (for instance you can have no stars denote that there is no protection from that threat, hence it will cost nothing.
Step 2. Fill in the table
I recommend doing a brainstorm on threats as initial filling of the table, before thinking about the other columns.
Step 3. Reorder the list according to your set of priorities
Choose your ordering strategy carefully. Several strategies are possible.
- If this is a learning experience or you are a fan of "only time for putting out fires" cultures, no need for ordering.
- In a low risk environment (no immediate death threats) an "on demand" strategy works well. In this strategy you can use "low hanging fruit" and set up protection for items with a big impact and/or high likelihood of occurrence first.
- In a high risk environment or if any of the items in the list of possible impacts reads " loss of life" or some life-altering experience or you have turned procrastination into an art, best choose an "anticipating strategy", meaning do more research and detailed scenario planning to find possible threats and solutions overlooked.
Examples
Protesting in the united states
Threat | Likelihood | Impact | Protection |
---|---|---|---|