Single Asset QTRA for: my mobile browser history
Date: 2019-06-05
Analyst: jfr@qtra.io



Nav: ←, →, ↑, ↓
'esc': slides overview
Feature or Asset In Scope

Name Description
my mobile browser history List of all internet sites, services, and content viewed on your mobile device.

Relative Sensitivity to Compromise



Name Confidentiality Integrity Availability
my mobile browser history High High Low
Threat Actors in Scope

Threat Actor compromises, "my mobile browser history"
Threat Stories

Conference App Developer compromises the Confidentiality of my mobile browsing history to hoover up PII and contacts to leverage attendee profiles
Malware Authors compromises the Confidentiality of my mobile browsing history to extract bitcoin ransom.
Manager compromises the Confidentiality of my mobile browsing history as part of constructing case to manage out employee.
Phone Theft Ring compromises the Confidentiality of my mobile browsing history to extract credentials for sites from my stolen phone.
Spousal Partner compromises the Confidentiality of my mobile browsing history as result of suspicion and for leverage in relationship.
State Sponsored APT compromises the Confidentiality of my mobile browsing history to re-identify users of privacy services.
Model Threat Scenarios
Threat Actor compromises Confidentiality, Integrity, or Availabilty of Asset
Simple Asset Threat Exposures Threat Actor compromises Asset
Asset Risk
Recommended priority to respond to threats based on current controls.
Controls
Security Control at Stack Layer protects Asset
Logical Security Model
Technologies at Stack Layer use Controls to protect Asset

Asset Controls Coverage

Current Security Controls for: my mobile browser history

Prevention Detection Response
Application

CC

I

tbd.

Network

CICICI

tbd.

tbd.

Endpoint

CCC

CI

tbd.

Cloud

CI

tbd.

tbd.

Confidentiality: High , Integrity: High, Availability: Low