Is it your first time doing privacy threat modeling? Are you overwhelmed or fed up by the different steps and artifacts you need to tackle to execute a full-fletched privacy assessment but still require some guidance in the process?
LINDDUN GO is here to help you get started. All you need are the LINDDUN GO threat cards and a model of your system
Ready? Set? LINDDUN GO!
What is LINDDUN GO?
LINDDUN GO is designed to give you a quick start to privacy threat modeling. It is a threat modeling approach structured according to LIND(D)UN threat categories. It aims to provide structured, yet light-weight support for threat modeling.
Why LINDDUN GO?
A traditional privacy threat modeling exercise such as LINDDUN provides extensive methodological and knowledge support to systematically tackle privacy threat analysis, yet the threshold to get started is rather high as it still requires a sufficient expertise of both the threat modeling process and privacy knowledge.
LINDDUN GO aims to lower this threshold of required expertise and accelerate the startup phase of the privacy threat modeling process by reducing the scope to the most impactful hotspots in the system and by presenting a more comprehensible (yet reduced) set of potential privacy threat types.
Who should use LINDDUN GO?
Beginners - This is a great educational tool to get started. The cards do not require privacy expertise, only privacy enthusiasm! The method itself is very simple, yet it nudges towards a typical threat modeling structure, making it a great stepping stone towards the more full-fletched LINDDUN approach.
Threat modelers with more experience - The cards can evidently also be used by more experienced threat modelers. The main difference with more traditional approaches, such as LINDDUN, is the lower 'friction' in application. LINDDUN GO does not require the creation of a mapping table, or a continuous browsing of the threat tree catalog. The cards will guide the elicitation process and are great to use in a group to guide and inspire a privacy discussion.
Note that, given the reduced set of system components and privacy threat types to consider, LINDDUN GO will not result in an as exhaustive threat model as the full-fletched LINDDUN.
Do you prefer to only use the LINDDUN acronym for your privacy brainstorming, make sure you check out the LINDDUN GO category cards. They provide a summary of each LIND(D)UN GO threat category and highlight the most relevant system hotspots where they might arise.
How it works
All you need is a set of LINDDUN GO threat type cards and a diagram of the system you want to threat model
(a DFD is preferred, but a white-board sketch will work too).
Of course you can use LINDDUN GO by yourself, but it gives the best results when you do a with a group of people (preferably 2-5). That way you can inspire (and challenge!) each other.
The LINDDUN GO method is very easy: you take turns picking a (random) card and start identifying threats that correspond with the drawn threat type card. Each card highlights the hotspot(s) in the system where the threat can arise and contains guidance questions to identify whether or not it is applicable to the system you are analyzing.
Detailed instructions on how to use LINDDUN GO can be found on the getting started page.
Download LINDDUN GO
LINDDUN GO cards
LINDDUN GO getting started guide
LINDDUN GO threat description template