Threat Modeling over Coffee: A simple method of Data Prioritization

Summary

This article introduces a simple method for threat modeling data prioritization, especially useful for complex and organically grown software and data systems. It proposes a 'coffee chat' approach with managers to ask three key questions for threat modeling assets they control, using real-world stories from SOC management, analysis, and threat hunting to illustrate the process.

IFF Assessment

FRIEND

This article provides a practical, accessible method for defenders to improve their threat modeling and asset protection strategies.

Defender Context

Defenders often struggle with understanding and prioritizing the protection of vast and complex data assets. This 'threat modeling over coffee' approach offers a straightforward, low-barrier method to engage stakeholders and identify critical assets, which can be a foundational step in proactive security.

Read Full Story →