In order to understand privacy threat models it is important to examine Solove's taxonomy of privacy harms. The harms are not only threats, but also the impact of the threats. To use Solove's taxonomy in a threat model one should pay close attention to personal data within the threat model. A few recommendations on where and how to focus on finding the harms is given by Adam Shostack in his book Threat Modeling Designing for Security. They include: data collection points on web forms; inbound data flows from external entities; where the system has in-person interaction; where data is brought together for decision making purposes; secondary use that may cross trust boundaries including those that customers may expect and in person intrusion. By closely examining data on the threat model one may see potential privacy threats. Understanding the key to finding privacy threats will greatly help those creating threat models.
To gain a new perspective on creating a threat model be sure to visit Microsoft's new Threat Modeling Tool. One advantage of this is that it no longer requires Microsoft Visio to create new threat models. Now it can be created using the included stencil set. For more information visit http://blogs.msdn.com/b/sdl/archive/2014/04/15/introducing-microsoft-threat-modeling-tool-2014.aspx
Shostack, A. (2014). Threat Modeling Designing for
Security. BoulevardIndianapolis: Wiley.
No comments:
Post a Comment