Crossposted using Lemmit.
Original post from /r/opsec by /u/Powershillx86 on 2023-05-31 14:06:46+00:00.
How do we think of which models to make? The EFF suggests you ask yourself the following:
- What do I have that is worth protecting?
- Who do I want to protect it from?
- How likely is it that I will need to protect it?
- How bad are the consequences if I fail?
- How much trouble am I willing to go through to prevent these consequences?
An alternative but similar set of questions, designed for software threat modeling by Adam Shostack, author of Threat Modeling: Designing for Security:
- What are you doing? (what info is involved)
- What can go wrong? (consider all attack types, recommendation is to use the STRIDE model)
- What are you going to do about it? (Identify improvements)
- Have you done a good job? (restart the loop)
This post is mostly just to help beginners, but it never hurts to brush up on fundamentals!
I have read the rules
Not sure if this is the right flair
EDIT: Thank you for the silver :)