Overview
Privacy is important. It matters to your users, is required by law, and strengthens your security posture. So let's do some privacy threat modeling! But, how do you actually do that in practice? This talk explores how privacy can, and should, be integrated in your security threat modeling practice.
Outline
- Privacy 101: what is privacy and why is it important?
- Privacy VS. security: key differencesÂ
- Privacy AND security: how can they strengthen each other
- Threat modeling for security AND privacy - for each step, we'll explore requirements, attention points, and tips and tricks on how to bring privacy into threat modeling practiceÂ
- Concluding remarks
Â
Â
Slides
Â
About the speaker
Kim Wuyts is a privacy researcher with more than 15 years of experience in security and privacy engineering. Kim is one of the driving forces behind the development and extension of LINDDUN, a privacy threat modeling framework. She is also a co-author of the Threat Modeling Manifesto, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering.