Assets
Please only use this section after you have considered the risks and difficulties of asset-centric modeling, as discussed in Chapters 2 “Strategies for Threat Modeling” and 19 “Architecting for Success.”
Computers as Assets
You can label various types of computers as assets, including the following:
- Computers used by individuals
- This computer
- A laptop
- A mobile phone
- iPad/Kindle/Nook
- etc.
- Servers
- Web server
- E-mail server
- Database server
- etc.
- Security systems
- Firewall
- VPN concentrator
- Log server
- Functional groups
- Development systems
- Financial systems
- Manufacturing systems
People as Assets
You can think of people as assets who could come under attack. (Of course, it is more correct to consider them as resources.) Some groups of people you might consider include the following:
- Executives
- Executive assistants
- Sysadmins
- Sales people
- Janitorial staff
- Food-processing staff
- Contractors of various stripes
- Any employee
- Citizens
- Immigrants
- Minorities...