{"id":4666,"date":"2019-01-03T07:50:06","date_gmt":"2019-01-03T07:50:06","guid":{"rendered":"https:\/\/www.gtechbooster.com\/?p=4666"},"modified":"2022-11-30T22:02:03","modified_gmt":"2022-11-30T22:02:03","slug":"threat-modeling-a-beginners-guide","status":"publish","type":"post","link":"https:\/\/gtechbooster.com\/threat-modeling-a-beginners-guide\/","title":{"rendered":"Threat Modeling, a beginners guide"},"content":{"rendered":"\n

If you are always worried about your Internet Service Provider, corporations, and the government watching you, or you have been looking to have a fair understanding of security on the internet, maybe it\u2019s time to complete an exercise called threat modeling.<\/p>\n\n\n

\"\"<\/a><\/div><\/div>

It sounds like something the Pentagon does in a war room, but it\u2019s a\nterm used by software developers anticipating security issues in their\ncode. Practically speaking, threat modeling is something everyone should\n do when considering how to safeguard their data.<\/p>\n\n\n

Follow the steps below to transform your vague paranoia into a rational game plan and get some peace of mind:<\/p>\n\n\n

What is threat modeling?<\/h2>\n\n\n

A good threat model is a thorough description of five things:<\/p>\n\n\n

  1. What you have to protect<\/li>
  2. Who you want to protect it from<\/li>
  3. The probability of them getting it<\/li>
  4. How far you\u2019re willing to go to protect it<\/li>
  5. What would happen if you failed<\/li><\/ol>\n\n\n

    1. What you have to protect: The assets<\/h2>\n\n\n

    Don\u2019t think of this as asking \u201cWhat do you have to hide?\u201d. Just try to think of all the types of data you have on your digital devices, where you keep them, and how many copies exist.<\/p>\n\n\n

    Emails, photos, messages, documents: How much of it is in the cloud,\nand how much is only on local devices? How many of those local devices\nconnect to the internet (smartphones, laptops), and how many don\u2019t (hard\n drives, USB)?<\/p>\n\n\n

    2. Who you want to protect it from: The adversaries<\/h2>\n\n\n

    For each asset, think about the consequences of it falling into the\nwrong hands. For instance, if you\u2019re a journalist, you may have several\npoliticians and\/or corporations who would like a look at your contact\nlist.<\/p>\n\n\n

    Maybe you have certain people whom you wouldn\u2019t want to access your\nsocial media profiles. Don\u2019t limit your thinking to just the people with\n the technical know-how to obtain your assets, because we\u2019ll get to that\n in the next step.<\/p>\n\n\n

    3. The probability of them getting it: The risk<\/h2>\n\n\n

    For each adversary, think of how likely he\/she is to gain access to\nyour data, or even attempt an attack in the first place. This will\ndepend on their technical skill level, motivation, and intent.<\/p>

    \"\"<\/a><\/div><\/div>\n\n\n

    Your neighbor might enjoy some free Wi-Fi now and again, but she might not be devious or motivated enough to try to steal your password. If you work in sales, your competitor has a financial motivation to see your private emails, but are they technically able to hack into your laptop? <\/p>\n\n\n

    Your ISP has access to your browsing history (unless you use Tor and\/or a VPN), but are they likely to use it to blackmail you? Maybe you don\u2019t like the idea of ISPs having your data in the first place (we certainly don\u2019t!), but it\u2019s still helpful to be realistic about threat likelihood, mostly just for sanity\u2019s sake.<\/p>\n\n\n

    4. How far you\u2019re willing to go to protect it: The cost<\/h2>\n\n\n

    If you\u2019ve read this far, chances are you\u2019re no slouch when it comes\nto internet privacy. But it\u2019s worth considering how much time (and\nmoney) you\u2019re willing to spend to protect your assets.<\/p>\n\n\n

    For most people, a subscription to a private, encrypted VPN service is the easiest solution, but there are many additional measures you can take if you\u2019ve evaluated your situation as high-risk. <\/p>\n\n\n