Privacy Threat Modeling

Thursday, June 23, 2022 - 11:15 am–11:40 am

Cara Bloom, MITRE


This applied research talk will discuss the privacy threat modeling gap, challenges and opportunities of privacy threat modeling in practice, and a new qualitative threat model currently under development. In privacy risk management, there are well-respected methods for modeling vulnerabilities and consequences (or harms), but there is no commonly used model nor lexicon for characterizing privacy threats. We will discuss the gap in privacy risk modeling, how privacy threat-informed defense could better protect systems from privacy harms, and a working definition for a “privacy attack.” Then we will present a draft qualitative threat model – the Privacy Threat Taxonomy – developed to fill this gap in privacy risk modeling. This model was generated iteratively and collaboratively using a dataset of almost 150 non-breach privacy events, which includes directed, accidental, and passive attacks on systems. We will also discuss how practitioners can incorporate a threat model into their privacy risk management program.

Cara Bloom is a Senior Cybersecurity and Privacy Scientist at MITRE where she leads research teams on privacy threat modeling and measuring privacy expectations for emerging technologies. She has provided privacy and cybersecurity expertise on international data protection legislation, autonomous and connected vehicle technology, and primary research on data de-identification and blockchain for identity. Cara has presented at the USENIX Symposium on Usable Privacy and Security, the FTC Data Privacy Day Conference, and the IAPP Global Summit. She holds an MS in Information Security Policy from Carnegie Mellon University and has experience at the Federal Trade Commission and CMU’s CyLab Security and Privacy Institute.

@conference {280288,
author = {Cara Bloom},
title = {Privacy Threat Modeling},
year = {2022},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun,
}