- Who are potential adversaries for the organization?
- Do these threat actors have a history of attacks? Against whom?
- What types of organizations have they targeted?
- Does the threat actor have the means to leverage widespread threats, or will they have to prioritize their targets? Is the organization a priority threat target?
- Do they have the desire and ability to conduct an attack?
- Data generated in this component is highly sensitive. In addition to the standard practices of saving only in encrypted containers, destroying physical copies (stickies, etc.) and using VPNs/Tor to conduct research, also take note of the physical location where you are conducting any exercises to prevent eavesdropping/viewing.
- Threat Identification works best grounded against mapped out organizational processes or a data/asset map. See the Process Mapping and Data Assessment Methods for exercises to generate these.
- Threat Identification discussions, in which you facilitate group activities where staff identify possible adversaries and the threats those adversaries have or can leverage against the group, can trigger strong emotions and be draining for the participants. Plan accordingly: schedule this with downtime (i.e. not right before or after another intense exercise) and have a plan to address the psychosocial needs of individuals.
- Initial, limited conversations with senior staff should help scope and guide group exercises
- A host-driven threat-matrix including the following:
  - Adversaries (threat actors) with capabilities and willingness
  - Impacts of attacks against critical processes, ranked by severity
  - Likelihood of each (based on adversaries)
- Latest general cyber-security threats
- Identify existing in/formal security practices that the participants use to address risks.
Risk Modeling Using the Pre-Mortem Strategy: The pre-mortem strategy was devised to take participants out of a perspective of defending their plans and strategies and shielding…
Guiding Questions for High-Risk Organisations: This additional interview activity is to identify if there are any indicators that the organization may have already been attacked and/or…
Sensitive Data: Data and meta-data about an organization and its staff is incredibly difficult to keep track of over time, as people or projects use cloud…
Threat Identification: These activities build off of a process or data mapping exercise to connect actual processes or assets and data of the organization with…
Creating a Risk Matrix: As part of SAFETAG's dedication to building agency and supporting organizational adoption of safer practices, a careful prioritization of…
Threat Interaction: This helps the auditor enumerate threats that the organization is concerned about and the internal priorities of them. At the same time, it…
Regional Context Research: This exercise focuses on research and re-confirmation of regional issues from general trends to specific legal restrictions and safety…
Self Doxing: Doxing (also "doxxing", or "d0xing", a word derived from "documents", or "docs") consists in tracing and gathering information about someone…
References and resources for Threat Assessment
- Guide: "Threat Assessment: Chapter 2.5 p. 38" (Operational Security Management in Violent Environments (Revised Edition))
- Manual: "Establishing the threat level of direct attacks (targeting)" (Protection Manual for Human Rights Defenders)
- Book: "Threat Modeling: Designing for Security" (Adam Shostack)
- Website: "An Introduction to Threat Modeling" (Surveillance Self-Defense)
- Article: "Security for Journalists, Part Two: Threat Modeling" (Jonathan Stray)
- Guide: "Managing Information Security Risk: Organization, Mission, and Information System View" (NIST)
- Guide: "Guide for Conducting Risk Assessments" (NIST)
- Activity: "Threat Model Activity" (Tow Center)
- Tool: Deciduous Threat Decision Tree Generator Guide | Tool including sample Tree (Kelly Shortridge)
- Public Service Delivery
Free Media and Information
- Threatened Voices: Tracking suppression of online free speech.
- IREX’s Media Sustainability Index (MSI) provides in-depth analyses of the conditions for independent media in 80 countries across the world.
- Freedom House's "Freedom on the Net" index, assessing the degree of internet and digital media freedom around the world.
- Freedom House's "Freedom of the Press" index, assessing global media freedom.
- ARTICLE 19 freedom of expression and freedom of information news by region.
- Open Society Foundation - Mapping digital media
- Press Freedom Index (RSF)
- Climate Issues
- Gender Issues
- Poverty Alleviation
- Community Building
- Peace promotion
- Agricultural Development
- Water, Sanitation
- Disaster Relief
- Database: "The Aid Worker Security Database (AWSD) records major incidents of violence against aid workers, with incident reports from 1997 through the present." (The Aid Worker Security Database (AWSD))
- Platform: "The HumanitarianResponse.info platform is provided to the humanitarian community as a means to aid in coordination of operational information and related activities." (Humanitarian Response)
- Organization: "ReliefWeb has been the leading source for reliable and timely humanitarian information on global crises and disasters since 1996." (ReliefWeb)
- Monitor: "CNL's NGO Law Monitor provides up-to-date information on legal issues affecting not-for-profit, non-governmental organizations (NGOs) around the world." (NGO Law Monitor)
- Survey: "This is a survey of existing and proposed laws and regulations on cryptography - systems used for protecting information against unauthorized access." (The Crypto Law Survey, http://www.cryptolaw.org/)
- List: "Who publishes Transparency Reports? - a list of transparency reports from Google, Facebook, and other popular websites. Cross-check with Alexa for locally popular services" (James Losey)
- Website: "This website contains information on regulations, policies, and local organizations working on issues related to digital rights in Latin America. The information is organized by country" (RedLatAm)
- Article: "Legal Issues in Penetration Testing" (Security Current)
- Wiki Page: "Anti-circumvention: Laws and Treaties" (Wikipedia, https://en.wikipedia.org/wiki/Anti-circumvention)
- Guide: "Encryption and International Travel" (Princeton University)
- Guide: "World Map of Encryption Laws and Policies" (Global Partners Digital)
- List: "National Cyber Security Policy and Legal Documents" (NATO Cooperative Cyber Defence Centre of Excellence)
- Database: "APT Groups and Operations"
- Database: "APTNotes"
- Country Profiles: "Current cybersecurity landscape based on the five pillars of the Global Cybersecurity Agenda namely Legal Measures, Technical Measures, Organisation Measures, Capacity Building and Cooperation." (Global Cybersecurity Index (GCI))
- Reports: Privacy International's in-depth country reports and submissions to the United Nations. (Privacy International)
- Organization: "The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada focusing on advanced research and development at the intersection of Information and Communication Technologies (ICTs), human rights, and global security." (The Citizen Lab)
- Database: "International Cyber Developments Review (INCYDER)" (NATO Cooperative Cyber Defence Centre of Excellence)
- Guide: "This handbook sets out an overview of the key privacy and data protection laws and regulations across 72 different jurisdictions, and offers a primer to businesses as they consider this complex area of compliance." (Data Protection Laws of the World - DLA PIPER)
- Reports: "Country Reports" (Open Network Initiative)
- Reports: "Regional Overviews" (Open Network Initiative)
- Portal: "Country Level Information security threats" (The ISC Project)
- Reports: "APWG Phishing Attack Trends Reports" (Anti-Phishing Working Group)
- List: "Foreign travel advice" (GOV.UK)
- List: "Travel Advice" (Australian Government)
- Alerts: "Travel Alerts & Warnings" (US Department of State)
- List: "List of airlines banned within the EU" (European Commission)
- List: "A list of aircraft operators that have suffered an accident, serious incident or hijacking." (Aviation Safety Network)
- Map: "A global display of Terrorism and Other Suspicious Events" (Global Incident Map)
Threat Assessment Activities:
Threat Modeling Resources (General):
Threat research by focus area:
Threat research by method:
General Threats by Region: