Risk Assessment Tools

Tools Included:

  • Comcast xCompass
    • xCompass is a questionnaire developed from Models of Applied Privacy (MAP) personas so that threat modelers can ask specific and targeted questions covering a range of privacy threats. Each question is linked to a persona, built on top of LINDDUN and the NIST Privacy Risk Assessment Methodology. xCompass contextualizes threats by considering each potential privacy threat as a combination of threat actor (both malicious and benign), mechanism of attack, and probable impact. Teams can use xCompass directly as an assessment to model different privacy threats to their application.
  • Privado Scan
    • Privado Scan is an open-source privacy scanner that allows an engineer to scan their application code and discover how data flows in the application. It detects hundreds of personal data elements being processed and further maps the data flow from the point of collection to “sinks” such as external third parties, databases, logs, and internal APIs. It allows privacy engineers to concretely verify and assess whether a data collection policy set for an application actually matches the implementation in the code itself, thus embedding privacy assessments in the developers’ workflow.
  • FAIR Privacy
    • FAIR Privacy is a quantitative privacy risk framework based on FAIR (Factor Analysis of Information Risk). FAIR Privacy examines personal privacy risks (to individuals), not organizational risks. Included in this tool is a PowerPoint deck illustrating the components of FAIR Privacy and an example based on a hypothetical smart lock manufacturer. In addition, an Excel spreadsheet provides a risk calculator that uses Monte Carlo simulation.
  • NIST Privacy Risk Assessment Methodology (PRAM)
    • The PRAM is a tool that applies the risk model from NISTIR 8062 and helps organizations analyze, assess, and prioritize privacy risks to determine how to respond and select appropriate solutions. The PRAM can help drive collaboration and communication between various components of an organization, including privacy, cybersecurity, business, and IT personnel.