One of my favorite sections draws from the EFF Threat Modeling page. “Threat modeling” may sound like something a management consultant would explain to you with 19 PowerPoint slides for only $45,000. But it really just consists of considering these five questions:
- What do I want to protect?
- Who do I want to protect it from?
- How bad are the consequences if I fail?
- How likely is it that I will need to protect it?
- How much trouble am I willing to go through to try to prevent potential consequences?
Ultimately the goal of information security is not to protect the information assets absolutely. Protecting anything absolutely is not even theoretically possible. What we’re trying to do here is, make the information assets more trouble to attack successfully than they’re worth. If stealing a new sprocket design from the engineers at Spacely Sprockets is worth $4 million, then we have to make it cost an expected $4.5 million or more to get. That way, even success is failure for the attacker.
But if preserving that design is worth $4 million to us, we’d be idiots to spend $4.5 million defending it. We could post it on Facebook and save ourselves $500,000.
Threat modeling is really just taking a breath, refusing to panic, and applying all-too-UNcommon sense.