LINDDUN PRO
For systematic, interaction-based, privacy analysis
WHAT IS LINDDUN PRO?
Systematic and thorough privacy threat modeling
LINDDUN PRO is a structured and in-depth approach to identifying privacy threats to a system or application. It is the preferred method when accountability and traceability are key. PRO can be used at any time during the development lifecycle, but is optimally performed during the design phase and repeated when needed.
When using PRO, you need to create a data flow diagram (DFD) to describe how data flows through your system. This gives insight into the system's processes, data stores, and interactions with external entities, and into how data flows between these elements. During the threat elicitation process, you iterate over each of the system's interactions (i.e. DFD element interactions) and consider the sending, transfer and receiving of data. This way both data-centric and action-oriented threats are covered.
Check out our instructions page.
PRO – aka LINDDUN-per-interaction – provides threat elicitation support based on its threat types, a catalog of threat trees, and a mapping table. The mapping table helps you define which threat types are relevant for each of the ‘send-transfer-receive’ combinations.
PRO allows exhaustive coverage and documentation of the privacy threat modeling process.
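The per-interaction iteration described above can be sketched as a worksheet generator. This is an added example, not LINDDUN's own tooling: the DFD, the shape of the mapping argument and the function names are assumptions, and the mapping content must be filled in from the PRO mapping table.

```python
"""Added example: a LINDDUN PRO elicitation worksheet (not LINDDUN's own tooling)."""
from dataclasses import dataclass

THREAT_TYPES = ("Linking", "Identifying", "Non-repudiation", "Detecting",
                "Data Disclosure", "Unawareness", "Non-compliance")
PHASES = ("send", "transfer", "receive")  # the send-transfer-receive steps


@dataclass(frozen=True)
class Flow:
    source: str
    destination: str
    data: str


def build_worksheet(elements, flows, mapping=None):
    """Return one row per (flow, phase, threat type) that must be assessed.

    elements: {name: kind}, with kind in entity / process / datastore.
    mapping:  assumed shape {(src_kind, dst_kind, phase): set of threat types},
              to be filled in from the PRO mapping table. A missing key falls
              back to every threat type, so nothing is silently skipped.
    """
    mapping = mapping or {}
    rows = []
    for flow in flows:
        for end in (flow.source, flow.destination):
            if end not in elements:
                raise ValueError(f"flow references unknown DFD element: {end}")
        kinds = (elements[flow.source], elements[flow.destination])
        for phase in PHASES:
            relevant = mapping.get((*kinds, phase), THREAT_TYPES)
            rows += [(flow, phase, t) for t in THREAT_TYPES if t in relevant]
    return rows


def uncovered(rows, decisions):
    """Rows lacking a documented decision (a threat, or a 'not applicable' rationale)."""
    return [row for row in rows if not decisions.get(row, "").strip()]


# Constructed sample DFD, for illustration only.
ELEMENTS = {"User": "entity", "Portal": "process", "RecordsDB": "datastore"}
FLOWS = [Flow("User", "Portal", "registration form"),
         Flow("Portal", "RecordsDB", "user profile")]

if __name__ == "__main__":
    rows = build_worksheet(ELEMENTS, FLOWS)
    decisions = {rows[0]: "Form fields let separate sessions be linked"}
    print(len(rows), "rows;", len(uncovered(rows, decisions)), "still undocumented")
```

Keeping a decision for every row, including the "not applicable" ones, is what makes the analysis traceable afterwards.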
Participants
- Data privacy professionals
- Domain expert, architect, developer, DPO, CISO, legal expert …
Analysis & Expertise
- Systematic & complete method
- Longer lead time
- Medium model and analysis expertise
Resources & Input
- LINDDUN privacy threat trees
- LINDDUN threat types
- LINDDUN mapping table
- DFD system model
Get started with PRO
DOWNLOAD RESOURCES
- PRO mapping table
- PRO threat template
- PRO threat model template
- PRO tutorial