- 14 Jan 2023
Includes No Dirt - A Practical Approach to Threat Modeling
- Updated on 14 Jan 2023
The problem for practitioners in digital healthcare, like for most other healthcare organizations, is the limited resources describing how to consistently and scalably evaluate risks. Concepts may be clear, but real-world methodologies are lacking - a dangerous proposition for an increasingly large percentage of the healthcare sector. The objective of this paper is to provide an actionable guide for security, privacy and compliance practitioners in digital healthcare. However, we believe the processes described in this guide can extend to nearly any organization that takes security and privacy seriously. The framework we have developed is built on the foundation of decades of work done by other recognized bodies. Our threat model builds chiefly on two major frameworks that have effectively guided practices even as industries have rapidly evolved.
We learned about this report from author William Dougherty, who is part of the "Back to Basics" book.
“Back to Basics” is a joint project among twenty-one industry leaders coming from security, operations, product, and privacy. The primary theme of this book is that adhering to basic security building blocks creates a strong foundation for cyber resilience. The idea is to share our learnings in small, accessible and practical chunks. These tips and tricks can be easily picked up by security leaders and practitioners across the spectrum of organizational maturity. The simple models shared by our contributing authors can become the baseline for how others can efficiently get to an adequate security posture.