Edit This Page

Understand Threats


Learn about identifying and dealing with threats

Learn about


Scenario text...

What are threats?

A threat is something bad that can happen to an asset. There are numerous ways that an adversary can threaten your data.
For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data. An adversary could also disable your access to your own data.
There is no single solution for keeping yourself safe online. Digital security isn’t about which tools you use; rather, it’s about understanding the threats you face and how you can counter those threats.
To become more secure, you must determine what you need to protect, and whom you need to protect it from. Threats can change depending on where you’re located, what you’re doing, and whom you’re working with.
In order to determine what solutions will be best for you, you should conduct a threat modeling assessment.

Five steps to Conducting a threat assessment

Step 1.

What do you want to protect?

What information could put you, your work or others at risk if were public? This is often the kind of information kept in your emails, contact lists, messages and files. It might relate to a specific sensitive campaign you are working on.
Write down a list of data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.

Step 2.

Who do you want to protect it from?

This could be any person or entity that poses a threat against an your or your work, also known as an adversary. Think about who would have a motive in reading or deleting your information or disrupting your work.
Examples could be a government, a company you are exposing, your boss, or a hacker.
Make a list of who might want to get ahold of your data or communications. It might be an individual, a government agency, or a corporation.

Step 3

How likely is it that you will need to protect it?

A final thing to consider is risk. Risk is the likelihood that a particular threat against a particular asset will actually occur, and goes hand-in-hand with capability.
While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.
It is important to distinguish between threats and risks. While a threat is a bad thing that can happen, risk is the likelihood that the threat will occur.
For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

Step 4

How bad are the consequences if you fail?

The motives of adversaries differ widely, as do their attacks.
A company trying to prevent the spread of a video showing their illegal activity may simply want to delete the video, whereas a government may wish to gain access to the names/details of activists it sees as a threat to the state in order to arrest or harass them.
Write down what your adversary might want to do with your private data.
The capability of your attacker is also an important thing to think about. For example, your mobile phone provider has access to all of your phone records and therefore has the capability to use that data against you.
A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have stronger capabilities.

Step 5

How much trouble are you willing to go through in order to try to prevent those?

This means figuring out which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.
Many people find certain threats unacceptable no matter what the risk, because the presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don't view the threat as a problem.

Based on the results of your risk analysis, you will be able to better determine how much trouble you will need to go through in order to prevent a threat from causing damage.
Make sure to include responses to threats in your emergency plan.


If you want to keep your house and possessions safe, here are a few questions you might ask:

-Should I lock my door? -What kind of lock or locks should I invest in? -Do I need a more advanced security system? -What are the assets in this scenario? -The privacy of my home -The items inside my home -What is the threat? -Someone could break in. -What is the actual risk of someone breaking in? Is it likely?
Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the risk of a break-in is low, then you probably won’t want to invest too much money in a lock. On the other hand, if the risk is high, you’ll want to get the best locks on the market, and perhaps even add a security system.


See also: