
Code for DC CryptoParty Agenda | October 23, 2018

Threat Modeling

Bring your phone, tablet, computer, or pen/paper to follow along!

Code for DC CryptoParty Ethos

Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Privacy is where we draw the line on how far a society can intrude into our personal lives. It is user-defined and varies between individuals. You are the steward of your identity. You are the only person who has the right to disclose your personal story.

Housekeeping

  1. Remember to join #cryptoparty on Code for DC's Slack.

  2. We are going to fill out this worksheet together. Please remember to copy the document to your own Google Drive. Let us know if you need a printed copy to fill out by hand. You can also download it as a PDF. This worksheet will be confidential to you and sharing is completely voluntary.

Definition

Threat modeling is a way of thinking narrowly about the sorts of protection you want for your assets. It's impossible to protect against every kind of trick or attacker, so you should concentrate on which people might want your assets (threats), what they might want from them, and how they might get them (risks). Coming up with a set of possible attacks you plan to protect against (mitigation) is called threat modeling. Once you have a threat model, you can conduct a risk analysis.

Adapted from Electronic Frontier Foundation Surveillance Self-Defense glossary.

Assets

An asset is something of value to you that you want to keep safe. Some examples of assets include bank accounts, equipment, jewelry, or proprietary information.

Threats

Threats are the people or entities who may have a vested interest in compromising your assets. To build an effective model, it is important to think about who may want to steal your assets and why they might want to do so. Understanding threats helps you anticipate your risks and manage strategies for mitigation. Some examples of threats include thieves, hackers, intimate partners, your boss, rival companies, law enforcement, and intelligence agencies.

Risks

Risks are the vectors threats will use to compromise your assets. Understanding your threats and their interest in your assets will help you anticipate and mitigate risk vectors. Some examples of risks include weak passwords, open windows, unlocked doors, or unattended valuables in public.

Mitigation

Mitigation refers to the process of reducing the ease with which risk vectors may be exploited by threats. Some examples include keeping valuables in a safe, securing windows and doors, installing a security system, and using strong passwords combined with multi-factor authentication.

Want to lead a CryptoParty?

Is there a topic in digital security you're particularly interested in? Leading a CryptoParty is a great way to learn more about emerging cryptographic and security concepts. We are looking for folks with all kinds of backgrounds and interests to share their knowledge and interest. Talk to @csethna or @Ed O. on Slack if you're interested!
