Question 40
Domain 5: Privacy by Design
A wellness-app team says it already ran STRIDE, so no further privacy review is needed. What is the STRONGEST response?
Correct answer: C
Explanation
STRIDE is a security threat model, not a full privacy review, so it can miss privacy harms like “linkability,” “identifiability,” and “unwanted secondary use.” Privacy analysis needs a privacy-specific model, such as LINDDUN, to cover those risks.
Why each option is right or wrong
A. STRIDE is enough because privacy is a subset of security
B. Privacy review can wait until the first customer complaint arrives
C. STRIDE may miss privacy-specific harms such as linkability, identifiability, and unwanted secondary use unless it is supplemented with a privacy model
STRIDE is a security-oriented threat model, not a privacy assessment framework, so it does not systematically cover privacy harms such as linkability, identifiability, and secondary use of personal data. In practice, privacy reviews need a privacy-specific model—commonly LINDDUN—to address those categories, because a security-only pass can leave data-protection risks unexamined even when no classic STRIDE threat is found.
D. Threat modeling is relevant only for regulated industries