Security Fundamentals: Threat Modeling
HTML-код
- Опубликовано: 24 июл 2024
- Threat modeling is a useful tool for examining your life with the purpose of determining threats and vulnerabilities with the aim of protecting against them.
“A way of thinking about the sorts of protection you want for your data so that you can decide which potential threats you are going to take seriously.” ~EFF
Timestamp Chapters:
00:00 Intro
00:56 What is Threat Modeling?
05:57 Steps to Threat Modeling
06:31 Step One
07:25 Step Two
08:06 Step Three
09:04 Step Four
10:02 Step Five
11:16 Closing Thoughts
12:57 Outro 
Наука
Really well done! Would Threat Modeling work against Data Collection from Corporations like Facebook, Google and other large markets that make money from taking your data and search history for profit? You named a few that could prevent from taking it, like family, government and even rival businesses but what about businesses that aren't rivals? Fantastic video and great reasoning plus insight, on the cost of not using Threat Modeling.
AStupidMonkeyy Gaming, Great question! While we presented some examples in the video, there are any number of ways that threat modeling could be used for each situation. As we discussed, the most important thing is to understand the process of how to think about potential threats and have a framework to approach them.
In the case you described it's important to understand what you are trying to protect. It could be the data you have in emails, on your social media, location, or purchase history. Determining the worst case risk here is challenging for some people because it can be hard to describe the impact that personal data has on your life or well-being. However, we would suggest that the aggregate loss or involuntary disclosure has a very deep impact.
In your suggested concern, the bigger issue is how to address the risk. For Google or related companies, this might mean transitioning to more privacy focused services where possible. To be clear, Google is very secure but terrible with privacy. These two concepts are not the same, even though a lot of people discuss them as though they're interchangeable.
One method of protecting your data is to thoroughly review the settings on these services and restrict as much information gathering as possible by "opting out" to anything you can. But realize that this sometimes only has minor effects. Another great defensive control is limiting the type of information you share with these services and the frequency of that information.