Skip to content

Commit

Permalink
Early consolidations of personas and questionnaire directories.
Browse files Browse the repository at this point in the history
  • Loading branch information
rtrimana authored Oct 29, 2024
1 parent 2a10cdb commit 1d9ab69
Show file tree
Hide file tree
Showing 58 changed files with 15 additions and 23 deletions.
12 changes: 12 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,18 @@

xCOMPASS is a questionnaire developed from [Models of Applied Privacy (MAP) personas](https://github.com/Comcast/xCOMPASS/tree/main/personas). Privacy Threat Modeling (PTM) is part of software development lifecycle (SDL) along with the increasing awareness of data privacy. Unfortunately, PTM comes with the following limitations. First, it mostly involves human experts (i.e., threat modelers) with much manual effort. Second, it is usually performed later in the SDL pipeline, during which much development work has been finished. Third, the app developer is usually not familiar with privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).

<h1> How to contribute? </h1>
We welcome all kinds of contributions to this framework, especially:

- Changes to xCOMPASS questions, language, typos, fixes, etc.
- Deeper dive into privacy design strategies.
- Linking to other principles beyond FIPPS.
- Additional personas beyond those already in [xCOMPASS.md](/xCOMPASS/personas.md), using the different combinations from the framework above.
- Specific use cases of MAP (please create a new folder for each use case) in your industry, even if hypothetical.
- Changes to language, typos, fixes, etc.

However, if you have other ideas, albeit simple, please do not hesitate to connect with us. For contribution to xCOMPASS questionnaire, please find more information [here](https://github.com/Comcast/xCompass/edit/main/xCOMPASS/README.md#-how-to-contribute-). Please also have a look at more instructions to commit your contribution in [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md).

<h1> Learn More </h1>
Please feel free to learn more about the questionnaire questions, as well as MAP framework by following these links:

Expand Down
17 changes: 3 additions & 14 deletions personas/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,13 @@
Existing privacy threat modeling frameworks rely on partial asset-centric threats, can be time-consuming to implement due to their expansive nature, and need domain-knowledge expertise. We draw from prior literature to create a privacy threat modeling persona framework that developers can use to test and document privacy threats from their overall application. This tool, in addition to privacy impact assessments, can find edge cases of privacy harm. This framework can be used either as a table-top card game for privacy threat modeling.
<h3> Learn more about privacy threat personas</h3>
The cards for the card game, with instructions, is available here: <a href="personacards/">Persona Cards</a>.
<h3> Take a privacy threat modeling assessment </h3>
<b>Each persona is linked to several practical questions that a threat modeler can ask during sessions with product teams. These questions are not only useful to generate a set of privacy requirements (as early as the product design phase), but also link the requirements with privacy principles. The questionnaire, called xCOMPASS, along with linked personas are available <a href="xCOMPASS/">here</a>.</b> For additional information, please check out the <a href="https://github.com/Comcast/xCompass/edit/main/README.md#-list-of-publications--talks-">list of publications</a> below.

<h1> Why do we need personas? </h1>
<h1> Personas Help with Threat Analysis </h1>
As we try to reach privacy maturity, we need to think about high-level, systematic threats to an application that goes beyond privacy compliance. Privacy personas can be a team-exercise to think about overall threats after completing a privacy impact assessment, and before moving into the main threat modeling process. Personas help by contextualizing the threat - since <a href="https://dl.acm.org/doi/fullHtml/10.1145/3544548.3581484">over 80% privacy threats come from non-malicious sources<a>, we need to have a persona-specific approach to identifying threats.

<h1> Structure </h1>
<h1> Framework Structure </h1>

In terms of structure, the framework has three main components: (i) Threat Actor (characteristics and expertise), (ii) Threat Mechanism, and (iii) Threat Impact. The overall framework structure is shown below. The categories have been developed by combining existing frameworks like <a href="https://www.linddun.org/linddun">LINDDUN</a>, <a href="https://www.nist.gov/privacy-framework/nist-pram">NIST Risk Assessment Methodology<a>, and <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3782222">Privacy Harm Taxonomy</a>.
In terms of structure, the framework has three main components: (1) Threat Actor (characteristics and expertise), (2) Threat Mechanism, and (3) Threat Impact. The overall framework structure is shown below. The categories have been developed by combining existing frameworks like <a href="https://www.linddun.org/linddun">LINDDUN</a>, <a href="https://www.nist.gov/privacy-framework/nist-pram">NIST Risk Assessment Methodology<a>, and <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3782222">Privacy Harm Taxonomy</a>.

![Overall Threat Model](https://github.com/Comcast/xCOMPASS/blob/main/figures/Threat-Framework.jpeg)

Expand All @@ -24,12 +22,3 @@ In terms of structure, the framework has three main components: (i) Threat Actor
**Customizable:** The framework is independent of industry type and scale. This makes the generated personas easy to customize. For instance, if a developer or a threat modeler selects one item from each of the three component categories, they can customize the resulting persona based on their industry requirements.

**Moving away from an attacker-only approach:** Literature on security personas have majorly focused on adversarial personas since a majority of security threats originate from attackers. However, there are both malicious and benign threat actors who might cause privacy breaches. This framework addresses both kinds of threat actors across different scenarios.

<h1> How to contribute? </h1>
We welcome all kinds of contributions to threat personas, especially:

- Additional personas beyond those already in [xCOMPASS.md](/xCOMPASS/personas.md), using the different combinations from the framework above.
- Specific use cases of MAP (please create a new folder for each use case) in your industry, even if hypothetical.
- Changes to language, typos, fixes, etc.

However, if you have other ideas, albeit simple, please do not hesitate to connect with us. For contribution to xCOMPASS questionnaire, please find more information [here](https://github.com/Comcast/xCompass/edit/main/xCOMPASS/README.md#-how-to-contribute-). Please also have a look at more instructions to commit your contribution in [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md).
File renamed without changes.
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes
File renamed without changes.
File renamed without changes
File renamed without changes.
9 changes: 0 additions & 9 deletions questionnaire/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,3 @@ The categories defined in xCOMPASS are the following:
9. <a href="xCOMPASS.md#third-party-sharing">Third-party Sharing</a>

The full questionnaire is available <a href="xCOMPASS.md"> here</a>. Each question has a persona linked - if you would like to see an example persona for each combination listed here, use <a href="personas.md">this</a> link.

<h2> How to contribute? </h2>
We welcome all kinds of contributions to xCOMPASS questionnaire, especially:

- Changes to xCOMPASS questions, language, typos, fixes, etc.
- Deeper dive into privacy design strategies.
- Linking to other principles beyond FIPPS.

However, if you have other ideas, albeit simple, please do not hesitate to connect with us. Please also have a look at more instructions to commit your contribution in [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md).

0 comments on commit 1d9ab69

Please sign in to comment.