threat modeling librarian freedom conference
What are we talking about?
What the hell is threat modeling?
How do you do it?
What makes this trickier than it looks?
What the hell is threat modeling?
1. What do you want to protect? (Assets)
2. Who do you want to protect it from?
3. How likely is it you will need to protect it?
4. How bad are the consequences if you fail?
5. How much trouble are you willing to go through in order to prevent those consequences?
“When we share information, we are building power of our own. Potential harassers may be deterred by the thought that we are both capable of and willing to turn the eye of internet surveillance back on them.”
Liz Henry, “Investigation Online: Gathering Information to Assess Risk,” Model View Culture
“Before his gauche upload, he posted a picture of his lobster salad and tagged the restaurant.”
New York Post
“One day soon, home room teachers in your local middle and high schools may stop scanning rows of desks and making each student yell out ‘Here!’ during a morning roll call. Instead, small cards, or tags, carried by each student will transmit a unique serial number via radio signal to an electronic reader near the school door.”
AT&T advertising brochure
Further reading
What Every Librarian Should Know About HTTPS: https://www.eff.org/deeplinks/2015/05/what-every-librarian-needs-know-about-https
Surveillance Self Defense: https://ssd.eff.org
COMSEC: Beyond Encryption: https://grugq.github.io/presentations/COMSEC%20beyond%20encryption.pdf
Digital First Aid Kit: http://digitaldefenders.org/digitalfirstaid/