Risk & Threat Analysis
References and resources for Risk & Threat Analysis
- Overview: "Your security plan: An Introduction to Threat Modeling" (Surveillance Self-Defense)
- Guide: "Risk Assessment" (Workbook on Security: Practical Steps for Human Rights Defenders at Risk - Chapter 2)
- Guide: "Threat Assessment: Chapter 2.5 p. 38" (Operational Security Management in Violent Environments (Revised Edition))
- Guide: "Defining The Threshold Of Acceptable Risk" (Integrated Security)
- Guide: "Guide for Conducting Risk Assessments" (NIST 800-30)
- Report: "Risk Thresholds in Humanitarian Assistance" (European Interagency Security Forum)
- Book: "Threat Modeling: Designing for Security" (Adam Shostack)
- Website: "Your security plan: An Introduction to Threat Modeling" (Surveillance Self-Defense)
- Article: "Security for Journalists, Part Two: Threat Modeling" (Jonathan Stray)
- Guide: "Managing Information Security Risk: Organization, Mission, and Information System View" (NIST)
- Guide: "Guide for Conducting Risk Assessments" (NIST)
- Activity: "Threat Model Activity" (Tow Center)
- Tool: Deciduous Threat Decision Tree Generator Guide | Tool including sample Tree (Kelly Shortridge)
- Guide: "Risk Assessment" (Operational Security Management in Violent Environments (Revised Edition) - Chapter 2)
- Guide: "Risk Assessment" (Workbook on Security: Practical Steps for Human Rights Defenders at Risk - Chapter 2)
- Book: "Pre-Mortem Strategy" (Sources of Power: How People Make Decisions - p.71)
- Guide: "Threat Assessment: Chapter 2.5 p. 38" (Operational Security Management in Violent Environments (Revised Edition))
- Manual: "Establishing the threat level of direct attacks (targeting)" (Protection Manual for Human Rights Defenders)
- Guide: "Defining The Threshold Of Acceptable Risk" (Integrated Security)
- Guide: "Risk Analysis: Chapter 2.7 - Operational Security Management in Violent Environments (Revised Edition)" (HPN - Humanitarian Practice Network)
- Workbook on Security: Practical Steps for Human Rights Defenders at Risk
- Guide: "Risk Assessment For Personal Security" (CPNI - Centre for the Protection of National Infrastructure)
- Guide: "Threat Assessment & the Security Circle" (Frontline Defenders)
- Case Study: "Case Study 1 Creating a Security Policy" (Frontline Defenders)
- Human Rights
- Transparency [^corruptions_perception_index]
- Public Service Delivery
- Health
- Free Media and Information
- Threatened Voices: Tracking suppression of online free speech.
- IREX’s Media Sustainability Index (MSI) provides in-depth analyses of the conditions for independent media in 80 countries across the world.
- Freedom House's "Freedom on the Net" index, assessing the degree of internet and digital media freedom around the world.
- Freedom House's "Freedom of the Press" index, assessing global media freedom.
- ARTICLE 19 freedom of expression and freedom of information news by region.
- Open Society Foundation - Mapping digital media
- Press Freedom Index (RSF)
- Climate Issues
- Gender Issues
- Poverty Alleviation
- Community Building
- Peace promotion
- Agricultural Development
- Entrepreneurship
- Water, Sanitation
- Transportation
- Disaster Relief
- Country threat reports [^EISF_Alerts]
- Examine Transparency Reports
- Find most used sites in region. [^alexa]
- Search for transparency reports for most used sites. [^transparency]
- Database: "The Aid Worker Security Database (AWSD) records major incidents of violence against aid workers, with incident reports from 1997 through the present." (The Aid Worker Security Database (AWSD))
- Platform: "The HumanitarianResponse.info platform is provided to the humanitarian community as a means to aid in coordination of operational information and related activities." (Humanitarian Response)
- Organization: "ReliefWeb has been the leading source for reliable and timely humanitarian information on global crises and disasters since 1996." (ReliefWeb)
- Monitor: "CNL's NGO Law Monitor provides up-to-date information on legal issues affecting not-for-profit, non-governmental organizations (NGOs) around the world." (NGO Law Monitor)
- Survey: ["This is a survey of existing and proposed laws and regulations on cryptography - systems used for protecting information against unauthorized access."](http://www.cryptolaw.org/) (The Crypto Law Survey)
- Resource: "Transparency Reporting Index: collects information on companies which publish transparency reports and highlights best and worst practices." (Access Now)
- Article: "Legal Issues in Penetration Testing" (Security Current)
- Wiki Page: ["Anti-circumvention: Laws and Treaties"](https://en.wikipedia.org/wiki/Anti-circumvention) (Wikipedia)
- Guide: "Encryption and International Travel" (Princeton University)
- Guide: "World Map of Encryption Laws and Policies" (Global Partners Digital)
- List: "National Cyber Security Policy and Legal Documents" (NATO Cooperative Cyber Defence Centre of Excellence)
- Database: "APT Groups and Operations"
- Database: "APTNotes"
- Country Profiles: "Current cybersecurity landscape based on the five pillars of the Global Cybersecurity Agenda namely Legal Measures, Technical Measures, Organisation Measures, Capacity Building and Cooperation." (Global Cybersecurity Index (GCI))
- Reports: Search Privacy International's in-depth country reports and submissions to the United Nations. (Privacy International)
- Organization: "The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security." (The Citizen Lab)
- Database: "International Cyber Developments Review (INCYDER)" (NATO Cooperative Cyber Defence Centre of Excellence)
- Guide: "This handbook sets out an overview of the key privacy and data protection laws and regulations across 72 different jurisdictions, and offers a primer to businesses as they consider this complex area of compliance." (Data Protection Laws of the World - DLA PIPER)
- Reports: "Country Reports" (Open Network Initiative)
- Reports: "Regional Overviews" (Open Network Initiative)
- Reports: "APWG Phishing Attack Trends Reports" (Anti-Phishing Working Group)
- Map: "Cyber-Censorship Map" (Alkasir)
- Dashboard: "At-A-Glance Web-Blockage Dashboard" (Herdict)
- List: "Foreign travel advice" (GOV.UK)
- List: "Travel Advice" (Australian Government)
- Alerts: "Travel Alerts & Warnings" (US Department of State)
- List: "List of airlines banned within the EU" (European Commission)
- List: "A list of aircraft operators that have suffered an accident, serious incident or hijacking." (Aviation Safety Network)
- Map: "A global display of Terrorism and Other Suspicious Events" (Global Incident Map)
Risk Modeling:
Threat Modeling Resources (General):
Risk Assessment Activities:
Threat Assessment Activities:
Example text for introducing threats - Integrated Security
Written exercise: Threats assessment - Integrated Security
Risk Matrix Activities:
Alternative Risk Modeling Activities:
Threat research by focus area:
Threat research by method:
General Threats by Region: