From 54ccd2b2d1459b40a23e8b01b11de2cf9270d080 Mon Sep 17 00:00:00 2001 From: Rahmadi Trimananda Date: Wed, 2 Oct 2024 12:58:10 -0400 Subject: [PATCH] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9e971b0..714395c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@

xCOMPASS (COMcast Privacy ASSistant)

-xCOMPASS is a questionnaire developed from [Models of Applied Privacy (MAP) personas](https://github.com/Comcast/xCOMPASS/tree/main/personas) so that threat modelers can ask specific and targeted questions covering a range of privacy threats. Each question is linked to a persona. Before diving into privacy threats, the following scoping questions might be helpful during a threat modeling session. This is because the existence of personal information must be known, even if it is managed and is not an active threat. Team must ensure that these are properly handled when they exist, and reviews are done for special categories of such information. +xCOMPASS is a questionnaire developed from [Models of Applied Privacy (MAP) personas](https://github.com/Comcast/xCOMPASS/tree/main/personas). Privacy Threat Modeling (PTM) is part of software development lifecycle (SDL) along with the increasing awareness of data privacy. Unfortunately, PTM comes with the following limitations. First, it mostly involves human experts (i.e., threat modelers) with much manual effort. Second, it is usually performed later in the SDL pipeline, during which much development work has been finished. Third, the app developer is usually not familiar with privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).

Learn More

Please feel free to learn more about the questionnaire questions, as well as MAP framework by following these links:
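
Review bot: In the added README paragraph, the opening sentence now ends at the personas link, so it no longer says who the questionnaire is for or that each question is linked to a persona; both statements were in the removed line and have no replacement. Consider keeping "so that threat modelers can ask specific and targeted questions covering a range of privacy threats. Each question is linked to a persona." ahead of the new PTM background, or moving the last sentence ("To address these problems, xCOMPASS presents a lightweight questionnaire ...") up so that the description of the tool comes before the list of PTM limitations. The removed lead-in for the scoping questions ("Before diving into privacy threats, the following scoping questions might be helpful ...") is also dropped without a substitute; if the README still lists those scoping questions further down, they lose their introduction and the rationale that personal information must be known even when it is managed. Wording in the added line: "part of software development lifecycle (SDL)" needs "the", "along with the increasing awareness of data privacy" does not connect clearly to the rest of its sentence, and "(e.g., privacy laws)" is given twice as the example of privacy principles, where once is enough. The subject "Update README.md" would be more useful if it said that the project description was rewritten.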