Difference between revisions of "Threat modeling the quick and dirty way"
From Gender and Tech Resources
m (→Basic choreography) |
m (→Basic choreography) |
||
| Line 2: | Line 2: | ||
== Basic choreography == | == Basic choreography == | ||
| − | Step 1. Set up a table | + | === Step 1. Set up a table === |
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
| − | ! Threat !! Likelihood !! Impact !! | + | ! Threat !! Likelihood !! Impact !! Protection |
|- | |- | ||
| Walking into a tree || medium || Pain for a few days, but can still function, usually || **** | | Walking into a tree || medium || Pain for a few days, but can still function, usually || **** | ||
|} | |} | ||
| − | The first column contains a short description of the threat, the second the likelihood of it occurring, the third what impact it would have if it did happen, and the fourth an assessment (grade) of the time and energy you would need to protect yourself from the threat. | + | The first column contains a short description of the threat, the second the likelihood of it occurring, the third what impact it would have if it did happen, and the fourth an assessment (grade) of the time and energy you would need to protect yourself from the threat (for instance you can have no stars denote that there is no protection from that threat, hence it will cost nothing. |
| − | Step 2. Fill in the table | + | === Step 2. Fill in the table === |
| + | I recommend doing a brainstorm on threats as initial filling of the table, before thinking about the other columns. | ||
| − | Step 3 | + | === Step 3. Reorder the list according to your set of priorities === |
| + | Choose your ordering strategy carefully. Several strategies are possible. | ||
| + | * If this is a learning experience (or you are a big fan of maintaining an "only time for putting out fires" culture) pick any item you like. | ||
| + | * In a low risk environment (no immediate death threats) an "on demand" strategy works well. In this strategy you can use "low hanging fruit" and set up protection for items with a big impact and/or high likelihood of occurrence first. | ||
| + | * If any of the impacts listed reads possible loss of life or life-altering experiences, best choose an "anticipating strategy", meaning do some more research and detailed scenario planning to find possible threats and solutions overlooked. | ||
== Examples == | == Examples == | ||
| − | === | + | === Protesting in the united states === |
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
|- | |- | ||
| − | ! Threat !! Likelihood !! Impact !! | + | ! Threat !! Likelihood !! Impact !! Protection |
|- | |- | ||
| − | | | + | | || || || |
|} | |} | ||
| + | |||
| + | === Protesting in the westbank === | ||
| + | |||
| + | === Blogging from egypt === | ||
Revision as of 21:24, 5 June 2015
Contents
Basic choreography
Step 1. Set up a table
| Threat | Likelihood | Impact | Protection |
|---|---|---|---|
| Walking into a tree | medium | Pain for a few days, but can still function, usually | **** |
The first column contains a short description of the threat, the second the likelihood of it occurring, the third what impact it would have if it did happen, and the fourth an assessment (grade) of the time and energy you would need to protect yourself from the threat (for instance you can have no stars denote that there is no protection from that threat, hence it will cost nothing.
Step 2. Fill in the table
I recommend doing a brainstorm on threats as initial filling of the table, before thinking about the other columns.
Step 3. Reorder the list according to your set of priorities
Choose your ordering strategy carefully. Several strategies are possible.
- If this is a learning experience (or you are a big fan of maintaining an "only time for putting out fires" culture) pick any item you like.
- In a low risk environment (no immediate death threats) an "on demand" strategy works well. In this strategy you can use "low hanging fruit" and set up protection for items with a big impact and/or high likelihood of occurrence first.
- If any of the impacts listed reads possible loss of life or life-altering experiences, best choose an "anticipating strategy", meaning do some more research and detailed scenario planning to find possible threats and solutions overlooked.
Examples
Protesting in the united states
| Threat | Likelihood | Impact | Protection |
|---|---|---|---|