
We borrow the concept of 'personas' from UX/service design and apply it to threat actors to improve understanding between security, technology and business teams. Created at the Open Security Summit 2020.


cydea/threat-personas


Threat Personas

Threat personas are a tool to improve communication when discussing cyber security threats.

We use simple language, rather than practitioner terminology, so that they are accessible to infosec, technology and business teams alike. Their narrative-driven approach paints a rich picture that is easy for anyone to understand.

They fit between high-level labels (like cyber-criminal) and specific threat actor groups (like Tangerine Flamingo).

Why?

Often infosec practitioners, developers and business colleagues lack a clear picture of who they are trying to defend their organisation from.

This project contains the threat persona output from the Open Security Summit 2020 session Threat Personas and Application Vulnerability Scoring Model, by Phil Huggins and Robin Oldham. Our objective was to educate participants on personas and to create skeleton 'personas' for different threat actors.

An example set of threat personas, created by OSS2020 participants, can be found in this PDF.

We have found from experience that threat personas are a useful tool in a variety of use cases. We want to provide a collection of personas that teams can pick up, tailor, and use within their organisations without having to reinvent the wheel.

Usage

Pick up and use these example personas within your own organisation!

You may find some of the narratives, or characteristics, don't fit with your business operations and so you may find it beneficial to tailor them to your specific organisational environment.

Use cases

  • Awareness campaigns
  • Threat modelling
  • Risk identification / assessment

Plus many more. Let us know how you're using Threat Personas.

Personas

Persona definition

A persona consists of the following components:

  • Name: Humanise them with a name, optionally add a pithy headline
  • Face: A face helps bring them to life
  • Relationship: Either External or Internal
  • Intent: Either Malicious or Non-Malicious
  • Narrative: Where you get to create their backstory and explain their history, location, motivations, desires, concerns, and more.
  • Attributes:
    • Goals: One of Curiosity, Personal fame, Personal gain, National interests, Revenge
    • Opportunity: Connected to the Internet, Physically nearby, Access to connected partner, Access to organisations, Access to specific network/system
    • Skills: No technical skills, End user, Power user, Developer, Researcher
    • Knowledge: External to organisation, Ex-organisation insider, Organisation partner, Customer, Employee, Other insider
    • Deterrability: Unconcerned criminal, Careful criminal, Careless law-abiding, Careful law-abiding
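
One way to check a tailored or newly contributed persona against the component list above, as an added example that is not part of this project. The dict layout, the `validate_persona` name and the sample personas are assumptions; it also assumes each attribute takes exactly one of the listed values, and it does not check the Face component.

```python
# Added example, not project code. The dict layout and all names are assumptions.
TOP_LEVEL = {
    "relationship": {"External", "Internal"},
    "intent": {"Malicious", "Non-Malicious"},
}
ATTRIBUTES = {
    "goals": {"Curiosity", "Personal fame", "Personal gain",
              "National interests", "Revenge"},
    "opportunity": {"Connected to the Internet", "Physically nearby",
                    "Access to connected partner", "Access to organisations",
                    "Access to specific network/system"},
    "skills": {"No technical skills", "End user", "Power user",
               "Developer", "Researcher"},
    "knowledge": {"External to organisation", "Ex-organisation insider",
                  "Organisation partner", "Customer", "Employee", "Other insider"},
    "deterrability": {"Unconcerned criminal", "Careful criminal",
                      "Careless law-abiding", "Careful law-abiding"},
}

def validate_persona(persona):
    """Return a list of problems; an empty list means the persona is well-formed."""
    problems = [f"missing {f}" for f in ("name", "narrative")
                if not str(persona.get(f) or "").strip()]
    attrs = persona.get("attributes") or {}
    for scope, record, schema in (("", persona, TOP_LEVEL),
                                  ("attributes.", attrs, ATTRIBUTES)):
        for field, allowed in schema.items():
            value = record.get(field)
            # Values must be one of the exact strings from the definition.
            if not isinstance(value, str) or value not in allowed:
                problems.append(f"{scope}{field}: {value!r} "
                                f"is not one of {sorted(allowed)}")
    problems += [f"attributes.{k}: unknown attribute"
                 for k in sorted(set(attrs) - set(ATTRIBUTES))]
    return problems

# Constructed sample personas (fictitious, for illustration only).
VALID = {
    "name": "Sam, the departing contractor",
    "relationship": "Internal", "intent": "Malicious",
    "narrative": "Contract not renewed; still holds a working badge and laptop.",
    "attributes": {"goals": "Revenge", "opportunity": "Access to specific network/system",
                   "skills": "Power user", "knowledge": "Other insider",
                   "deterrability": "Careful criminal"},
}
BROKEN = {**VALID, "narrative": " ", "intent": "Unknown",
          "attributes": {**VALID["attributes"], "skills": "Hacker", "budget": "High"}}

if __name__ == "__main__":
    for label, p in (("VALID", VALID), ("BROKEN", BROKEN)):
        print(label, validate_persona(p) or "ok")
```
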

Existing personas

You can find a selection of examples within the persona directory of this project.

Contributing

We welcome contributions to this collection. If you've created a new threat persona then please raise a PR.

You can use tools, like Name Generator and Generated Photos, to help generate content for personas.

Disclaimer

The personas here are fictitious and any resemblance to real persons or other real-life entities is purely coincidental.

License

This resource is freely available under the Creative Commons Zero License (CC.0), so please use, share, modify and improve it!
