Threat models

Knowing your enemies

What are threat models

Balancing security and usability is one of the more difficult tasks developers face. It’s a trade-off: the more secure something is, the less usable it is, and vice versa.

The problem is that the tools offering the maximum security available are usually very hard to use.

If you wanted to use the most secure tools available, you’d have to sacrifice a lot of usability. And even then, there’s no such thing as full security. There’s maximum security, but not full security. That’s why threat models are important.

So, what are these threat models?

A threat model is a model of the most probable threats to your security/privacy endeavors. It narrows down your thinking about the protection you need. Since it’s impossible to protect yourself against every attack(er), you should focus on the most probable threats.

Examples of threat models

An investigative journalist’s threat model might be (protecting against) a government.

A company manager’s threat model might be (protecting against) a hacker hired by the competition to do corporate espionage.

Creating your threat model

In order to create your threat model, you need to ask yourself the following questions:

  • Do you want to protect anything in particular? (e.g. confidential documents)
  • Who do you want to protect yourself and your data from? (attackers targeting the masses; attackers targeting your company; attackers targeting you in particular)
  • What’s the worst possible outcome of the absence of necessary security?

Then, you should decide how much usability you are willing to sacrifice for security.

With this in mind, you can decide how secure (and therefore inconvenient) the tools you use should be.