Course Release Date: May 25th 2022

D121 - Threat Modeling

Approximate Length – 30 Minutes

Intended Audience – Privacy Engineers and other Privacy Professionals, Software Developers, Managers, Architects and Engineers

Lesson Description

What is the difference between a threat and a risk? This course illustrates the close relationship between these two concepts, highlights the factors that must be considered when assessing risk, and notes the distinction between initial and secondary risk. Alongside this is presented a thorough explanation of threat actors (who they are and what motivates and enables them), at-risk individuals (the roles they play and the high-risk groups to which they belong), and proxies (their various types and how they are used to facilitate privacy violations). Lastly, students will learn about privacy violation consequences, including normative and tangible harms.

Learning Areas

  • Threats vs Risks¬†
  • Threat Actors, At-Risk Individuals, and Proxies
  • Normative vs Tangible Harms

Lesson Objectives

Upon completion of this course, students should understand the relationship between threats and risks, identify threat actors, at-risk individuals, and proxies, and distinguish between normative and tangible harms.

This lesson will prepare designers and developers to create interfaces purposefully designed not to manipulate users.