/docs/projects_threat_modelling_docs_docs.output/projects_threat_modelling_docs_identify_identify.output/ Recent content in Identify on tplat Hugo en /docs/projects_threat_modelling_docs_docs.output/projects_threat_modelling_docs_identify_identify.output/elevation-of-privlege/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/projects_threat_modelling_docs_docs.output/projects_threat_modelling_docs_identify_identify.output/elevation-of-privlege/ <h1 id="elevation-of-privlege">Elevation of Privlege<a class="anchor" href="#elevation-of-privlege">#</a></h1> <p>Elevation of Privelege is a game created by Adam Shostack in which</p> /docs/projects_threat_modelling_docs_docs.output/projects_threat_modelling_docs_identify_identify.output/brainstorming/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/projects_threat_modelling_docs_docs.output/projects_threat_modelling_docs_identify_identify.output/brainstorming/ <h1 id="brainstorming">Brainstorming<a class="anchor" href="#brainstorming">#</a></h1> <p>One of the most simple ways to identify threats is to host a brainstorming session. Brainstorming can be broken down into (1) a period of idea generation, and (2) a period of filtering where the best ideas are selected. Before brainstorming, it is often helpful to define the scope of attacks under consideration.</p> <p>On its own, brainstorming is not a sufficient form of threat modelling. This is because it is (deliberately) unstructured, and does not provide a high degree of confidence that all threats have been identified - i.e., did your brainstorming session end because you found all threats, or because you became tired / the meeting ended?</p>