APA Threat modeling

8 Oct 2020 | Inception Activities

Here you will learn about:

Ici, vous apprendrez:

Qui imparerai a conoscere:

Hier erfahren Sie Folgendes:

Threat modeling is a process by which potential threats can be identified and enumerated, and mitigations can be prioritized. Depending on your inception context, you might have to explicitly add an activity for raising the conversation and listing the threat scenarios to be considered. The APA threat modeling activity organizes the threats by exploring the Attackers, the Principals and the Assets.

Step by step:

1. Explain the following template to everyone: Attackers use Principals to get Assets

    – Attacker – the threat agent, the individual or organisation who performs the malicious activities against an asset.
    – Principal – the entity that can be authenticated.
    – Asset – the valuable data and/or equipment to be secured.

2. Ask the participants to list the Attackers, the Principals and the Assets
3. Describe the threats by combining Attackers, Principals and Assets into the template
4. Have a conversation about the threats (consider categorising and rating each threat)

Step 2 example (obfuscated for confidentiality)

Example: Hacktivist uses Website to get Bank account info

I learned this activity from Rodrigo Rech, a security specialist.
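
The combining and rating steps can also be captured as a small threat register after the workshop. The following is an added example, not part of the original activity: the function names, the sample lists (apart from the Hacktivist/Website/Bank account info combination) and the 1-3 likelihood and impact scale are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product

@dataclass(frozen=True)
class Threat:
    attacker: str
    principal: str
    asset: str

    def statement(self) -> str:
        # The page's template: "Attackers use Principals to get Assets".
        return f"{self.attacker} uses {self.principal} to get {self.asset}"

def clean(notes):
    """Trim sticky-note text, drop blanks and case-insensitive duplicates."""
    seen, out = set(), []
    for note in (n.strip() for n in notes):
        if note and note.lower() not in seen:
            seen.add(note.lower())
            out.append(note)
    return out

def candidate_threats(attackers, principals, assets):
    """Every Attacker x Principal x Asset combination, for the group to review."""
    return [Threat(*c) for c in product(clean(attackers), clean(principals), clean(assets))]

def prioritise(candidates, ratings):
    """ratings: Threat -> (likelihood, impact), each 1-3 (assumed scale).
    Returns (rated threats as (score, Threat), highest first; unrated candidates)."""
    known = set(candidates)
    for threat, (likelihood, impact) in ratings.items():
        if threat not in known:
            raise ValueError(f"rated threat is not a candidate: {threat.statement()}")
        if not (1 <= likelihood <= 3 and 1 <= impact <= 3):
            raise ValueError(f"rating out of range for: {threat.statement()}")
    rated = sorted(((l * i, t) for t, (l, i) in ratings.items()),
                   key=lambda r: (-r[0], r[1].statement()))
    return rated, [t for t in candidates if t not in ratings]

# Constructed workshop input; only the first combination appears on the page.
ATTACKERS = ["Hacktivist", "Insider", "hacktivist "]
PRINCIPALS = ["Website", "Support agent"]
ASSETS = ["Bank account info", "Customer emails"]
CANDIDATES = candidate_threats(ATTACKERS, PRINCIPALS, ASSETS)
RATINGS = {
    Threat("Hacktivist", "Website", "Bank account info"): (2, 3),
    Threat("Insider", "Support agent", "Customer emails"): (3, 2),
    Threat("Hacktivist", "Website", "Customer emails"): (2, 1),
}
```

The unrated list returned by `prioritise` is the set of combinations the group has not yet discussed or dismissed, which keeps step 4 from silently skipping scenarios.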


>> This content is part of a series on inception activities.


Paulo Caroli

Paulo Caroli is the author of the best-selling book “Lean Inception: How to Align People and Build the Right Product” (the first in a series of books about Lean Strategy and Delivery). He's also the creator of FunRetrospectives.com, a site and book about retrospectives, futurospectives and team building activities. Caroli writes on this blog frequently.