Difference between revisions of "LFI 2024/Month 3"
Tesskwilson (talk | contribs) (→Month 3: TOPIC) |
Tesskwilson (talk | contribs) (→Discussion) |
||
Line 16: | Line 16: | ||
Threat modeling framework: | Threat modeling framework: | ||
− | + | * Assets: What do you want to protect? | |
− | + | * Adversaries: Who might want your assets? | |
− | + | * Capabilities: What can your adversary do? | |
− | + | * Consequences: What could happen if your adversary succeeds? What is the likelihood of this happening? | |
− | What resonated about the threat modeling framework? How can you picture using this in a library environment? Are there threat models/personas that feel particularly relevant to your work? | + | Threat Modeling Discussion Questions: What resonated about the threat modeling framework? How can you picture using this in a library environment? Are there threat models/personas that feel particularly relevant to your work? |
+ | |||
+ | Privacy Policies Discussion Questions: How does your library privacy policy measure up to the best practices discussed in month 2? Does your policy match the library's practices? Does it address the data lifecycle in libraries? If not, what needs to change for these conditions to be met? | ||
+ | |||
+ | Vendor Issues Discussion Questions: What resonated about the vendor discussion, and our conversation with Sarah Lamdan? What vendor issues are you most concerned about? What do you think about the advocacy and reform efforts that have taken place in libraries? What still needs to happen? What would need to shift to create real vendor accountability and change? What power do we currently hold to make this change, and what power do we need to build? | ||
==== Tasks ==== | ==== Tasks ==== |
Revision as of 12:19, 25 June 2024
Contents
Month 3: Privacy in the Library 2
- Real time lecture: Friday July 19 at 2:00-4:00 Eastern / 11:00-1:00 Pacific on Zoom
Overview
This month, we'll dig deeper into privacy best practices and explore how we talk about privacy in an accessible and personal way. We will talk about gaps in technical literacies and how we as library workers can bridge those gaps with patron and staff trainings, policy reviews and audits, and more.
Readings
No readings for this month. Instead, answer the discussion questions in Discord.
Guest lecturer
Discussion
Threat modeling framework:
- Assets: What do you want to protect?
- Adversaries: Who might want your assets?
- Capabilities: What can your adversary do?
- Consequences: What could happen if your adversary succeeds? What is the likelihood of this happening?
Threat Modeling Discussion Questions: What resonated about the threat modeling framework? How can you picture using this in a library environment? Are there threat models/personas that feel particularly relevant to your work?
Privacy Policies Discussion Questions: How does your library privacy policy measure up to the best practices discussed in month 2? Does your policy match the library's practices? Does it address the data lifecycle in libraries? If not, what needs to change for these conditions to be met?
Vendor Issues Discussion Questions: What resonated about the vendor discussion, and our conversation with Sarah Lamdan? What vendor issues are you most concerned about? What do you think about the advocacy and reform efforts that have taken place in libraries? What still needs to happen? What would need to shift to create real vendor accountability and change? What power do we currently hold to make this change, and what power do we need to build?