This is a worked example of the Quick Secure By Design Playbook for a home network, so that you can see how it works for something familiar.
Bear in mind that for home or small office networks, or other ‘standard’ situations, standard checklists or guidelines such as the UK NCSC Cyber Essentials may be faster and clearer.
For example, in our home networks we will have sensitive personal information about our families on home laptops or phones, some valuable gaming devices, and probably access to our financial assets at a bank. For each of these, consider what the impact would be if you didn’t have it any more, or if someone got a copy of it, or somebody fiddled with it.
Asset | Uses | Nicked | Bricked | Tricked |
---|---|---|---|---|
Work Laptops | Arthur uses for work in the living room, Betty in the spare bedroom | Our competitors gain advantage. I lose a few days' work to get it replaced | I lose a few days' work to get it replaced | Phishing attack means I send some |
Financial information | Arthur and Betty use phone apps to manage accounts | Lost money | Cannot make payments for a few days | Make payments to the wrong people; lost money |
School Reports | School and parent use to communicate Jonny’s lack of progress | Jonny’s reputation reduced | We can’t track Jonny’s progress | Jonny’s hacked the school SharePoint again. Four points to huffleslyth |
PlayXBoy 5000Kz | Arthur plays games | Arthur can’t play games | No one can play games | Arthur thinks he’s good at games |
We draw out each device in our house, and then draw a line between it and the router that it connects to, coloured according to whether the connection is wifi (orange) or cable (blue). You should also include visitor and guest devices.
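The same diagram can be generated from a device inventory instead of drawn by hand. The following is an added example, not part of the original playbook: it emits Graphviz DOT using the orange/blue convention above. The device names follow the asset table, while the link types, the visitor entry and the dashed outline for guest devices are assumptions made for illustration.

```python
# Added example: device names come from the page's asset table; link types,
# the guest entry and the dashed-outline convention are constructed here.
LINK_COLOURS = {"wifi": "orange", "cable": "blue"}  # the page's colour scheme

# (device, link type, is it a visitor/guest device?) -- constructed inventory
INVENTORY = [
    ("Arthur work laptop", "wifi", False),
    ("Betty work laptop", "cable", False),
    ("Arthur phone", "wifi", False),
    ("Betty phone", "wifi", False),
    ("PlayXBoy 5000Kz", "cable", False),
    ("Visitor phone", "wifi", True),
]


def quote(name):
    """Quote a label for DOT, escaping backslashes and double quotes."""
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def to_dot(inventory, router="Router"):
    """Return Graphviz DOT text with one edge per device to the router."""
    lines = ["graph home_network {", f"  {quote(router)} [shape=box];"]
    seen = set()
    for name, link, guest in inventory:
        # An unknown link type usually means a device was recorded carelessly;
        # fail loudly rather than draw an uncoloured line.
        if link not in LINK_COLOURS:
            raise ValueError(f"{name}: unknown link type {link!r}")
        if name in seen:
            raise ValueError(f"duplicate device {name!r}")
        seen.add(name)
        style = " [style=dashed]" if guest else ""  # guests stand out
        lines.append(f"  {quote(name)}{style};")
        colour = LINK_COLOURS[link]
        lines.append(f"  {quote(name)} -- {quote(router)} [color={colour}];")
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(INVENTORY))  # render with: dot -Tpng -o home.png
```

Keeping the inventory as data means the diagram can be regenerated whenever a device joins or leaves the network.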
For this playbook we focus on threat actors: people and groups that deliberately or accidentally