For each user, identify the threat model and potential mitigation techniques that will reduce the threat.
Bob is a 58 year old independent CPA. He primarily services medium-income individuals and local businesses in his town of 10,000. Bob shares office space with two others, both also independent CPAs. He describes his relationship with them as cordial, but not quite friendly. They are in competition with one another after all.
These days, Bob does most of his work by computer. He regularly uses email, an online file sharing website, and desktop tax software in his work. Although he has had to learn many new things as his work has changed, Bob has gained a reasonable understanding of the technology he uses. The records for each of his clients are encrypted using a different password. He also used different passwords for each online service. These passwords are kept in a notebook, which Bob diligently keeps locked in his file cabinet when not in use.
Adversaries -
Attack surface -
Attack vectors -
Risks (Confidentiality, Integrity, Availability, etc) -
Types of Attacks (Man-in-the-middle, (Distributed) denial of service, Backdoors/malware, social, etc.) -
Mitigation -
Yolanda, 17, is the most popular girl in her school. Her Insta is perfectly curated, her Snaps are da bomb, and her Facebook account exists so she can talk to her grandma every other Sunday.
She is on her phone constantly. Typing in pin numbers or doing those silly patterns takes too much time, and she always has her phone in hand anyway, so what’s the point in locking it? Yolanda also keeps all of her accounts logged in at all times so she can make sure she likes all of William’s posts before Jennifer gets to them.
Yolanda gets along well with most of classmates, except Jennifer, but there are always haters who want to take people down.
Adversaries -
Attack surface -
Attack vectors -
Risks (Confidentiality, Integrity, Availability, etc) -
Types of Attacks (Man-in-the-middle, (Distributed) denial of service, Backdoors/malware, social, etc.) -
Mitigation -
Zaida, 37, is a senior IT Security manager for the Washington, DC Embassy of a country whose relationship with the United States is, at best, complicated. She oversees accounts, permissions, and access for the embassy’s personnel, including locally employed staff.
Zaida is an expert in her field. At work, she and her team follow the latest best practices in account and network security. She keeps her work and home life private - using separate phones and computers for each. He job is high stress, so she values her time off as a chance to relax and step away from the high-stakes world of her job, and enjoys not having to worry about someone hacking her devices or accounts.
Adversaries -
Attack surface -
Attack vectors -
Risks (Confidentiality, Integrity, Availability, etc) -
Types of Attacks (Man-in-the-middle, (Distributed) denial of service, Backdoors/malware, social, etc.) -
Mitigation -
Rashad is a web developer for a small UI/UX firm. He just had one of his projects hit the front pages of all the trendy design subreddits and blogs. He’s very excited, but a little concerned that his twitter, instagram, and github handles are now being shared all over the internet.
He currently uses different passphrases for all of his accounts, except that he shares the same password for all of his email accounts because he has them all set up to forward to a single account anyway.
Rashad is himself an avid blogger. He has a moderately popular, weekly column where he shares the weeks adventures, hangouts, vacations, etc. He is excited that next week he will be heading out to his favorite vacation spot since childhood - Rehoboth Beach, DE.
Adversaries -
Attack surface -
Attack vectors -
Risks (Confidentiality, Integrity, Availability, etc) -
Types of Attacks (Man-in-the-middle, (Distributed) denial of service, Backdoors/malware, social, etc.) -
Mitigation -