You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<h3> Learn more about privacy threat personas</h3>
The cards for the card game, with instructions, is available here: <ahref="personacards/">Persona Cards</a>.
<h3> Take a privacy threat modeling assessment </h3>
<b>Each persona is linked to several practical questions that a threat modeler can ask during sessions with product teams. The questionnaire, called xCOMPASS, along with linked personas are available <ahref="COMPASS/">here</a>.</b> For additional information or if you would like to access the paper, please contact the repository owners.
<b>Each persona is linked to several practical questions that a threat modeler can ask during sessions with product teams. The questionnaire, called xCOMPASS, along with linked personas are available <ahref="xCOMPASS/">here</a>.</b> For additional information or if you would like to access the paper, please contact the repository owners.
<h1> Why do we need personas? </h1>
As we try to reach privacy maturity, we need to think about high-level, systematic threats to an application that goes beyond privacy compliance. Privacy personas can be a team-exercise to think about overall threats after completing a privacy impact assessment, and before moving into the main threat modeling process. Personas help by contextualizing the threat - since <ahref="https://dl.acm.org/doi/fullHtml/10.1145/3544548.3581484">over 80% privacy threats come from non-malicious sources<a>, we need to have a persona-specific approach to identifying threats.
