LINDDUN Methods
From lean to comprehensive analysis approaches
LINDDUN GO, PRO & MAESTRO
LINDDUN provides various approaches of varying degrees of complexity and comprehensiveness targeted to diverse stakeholders.
Whether you are taking your first steps towards privacy engineering and looking for a lean methodology, or are a more advanced user looking for a systematic and in-depth analysis, which can be supported by tooling and automation … get familiar with GO, PRO and MAESTRO.
Determine which LINDDUN approach is best suited for your organization or team to start your privacy engineering journey.
LINDDUN
GO
LINDDUN GO takes on a lean, cross-team approach in finding privacy issues. GO comes in the form of a card deck representing the most common privacy threats, with the key hotspots to look for in your system. These self-contained cards will guide you through the privacy assessment.
Best performed in a structured brainstorm setting with a diverse team of privacy enthusiasts.
LINDDUN
PRO
LINDDUN PRO takes on a systematic and exhaustive approach in finding privacy issues. Starting point is a DFD system abstraction, where you focus on all interactions between DFD elements and investigate potential privacy threats. Available knowledge support: privacy threat types, privacy threat trees, mapping table.
PRO allows you to leverage tooling to automate your analysis activities.
LINDDUN
MAESTRO
LINDDUN MAESTRO takes on a systematic and exhaustive approach in finding privacy issues by leveraging an enriched system description to enable more precise threat elicitation. Starting point is a threat-specific system abstraction, to support the advanced analysis for threats of that particular type.
More info coming soon.
Methods compared
Within your organization or team, what is the best course to take to start your privacy engineering journey? Compare the key properties of each LINDDUN method, in terms of knowledge, expertise, effort, analysis, and supported model inputs.
| GO | PRO | MAESTRO | |
|---|---|---|---|
| Privacy threat knowledge | |||
| LINDDUN | ● | ● | ● |
| Threat cards | ● | ||
| Threat trees | ● | ● | |
| Privacy Expertise | |||
| Novice | ● | ||
| Expert | o | o | |
| Effort | |||
| Low adoption threshold | ● | ||
| Main focus on modeling | o | ● | |
| Main focus on analysis | ● | o | |
| Analysis | |||
| Brainstorm | ● | ||
| Manual | ● | o | o |
| Tool-assisted | ● | ||
| STRIDE-compatible |
● | ||
| Primary input | |||
| Unconstrained (sketch) | ● | ||
| Data flow diagram (DFD) | ● | ||
| Enriched DFD | ● | ||