<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] (or [Threat landscape]) describes the capabilities that an [attacker] is assumed to be able to deploy against a [resource]. [BCP 72] [{$pagename}] should contain such information as the resources available to an attacker in terms of
* information or [data]
* [computing capability|Computational Hardness Assumption]
* control of the system

[{$pagename}] purpose is twofold.  First, we wish to identify the [threats] we are concerned with.  Second, we wish to rule some [threats] explicitly out of scope.  Nearly every security system is vulnerable to a sufficiently dedicated and resourceful [attacker].

[{$pagename}] helps you identify [Vulnerabilities|Vulnerability] to the [entities] you value and determine from whom you need to protect them. When building a threat model, answer these five questions:
* What do I want to protect? ([Resources])
* Who do I want to protect it from? ([Attackers])
* How bad are the consequences if I fail? ([Regulatory Risk], [Operational Risk] or [Real Risk])
* How likely is it that I will need to protect it? (consider [Attack Effort])
* How much trouble am I willing to go through to try to prevent potential consequences? ([Acceptable risk])

For a [closer look|https://ssd.eff.org/en/module/assessing-your-risks|target='_blank'] at each of these questions.

[{$pagename}] reviews should be performed any time a [Resource] is created and periodically as [Attacks] and [Vulnerabilities|Vulnerability] change over time.

!! [Internet Threat Model]
[Internet Threat Model] is described in [BCP 72] as a fairly well understood [{$pagename}].

!! Components of the [{$pagename}]
* [Malware]
** [Ransomware]
** [Spyware]
** [Botnet]
** [Keylogger]
* [Social Engineering Attack]
** [Pretexting]
** [Phishing]
** [Smishing]
** [Vishing]
** [Tailgating]
** [USB Attack]!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Assessing Your Risks|https://ssd.eff.org/en/module/assessing-your-risks|target='_blank'] - based on information obtained 2017-10-13- 
</pre>