Four examples of different threat models

My post on threat models for journalists is quite lengthy, so I thought I’d put the sample threat models from that in their own, separate post. Here they are – note that these are very simple, sketchy threat models and you would want to expand on these. But hopefully they provide a starting point. I’d also recommend checking out this resource from Privacy for Journalists.

What info do you want to keep? Passwords. Why might someone want it? To spam. What can they do? Guess password, phishing. What might happen? Damage to brand, trust.

A basic threat model for anyone with access to a key social media account – or colleagues who do.

What info do you want to keep? Communication with sources. Why might someone want it? To prevent publicaiton, smear. What can they do? Guess/hack password, phishing, legal avenues. What might happen? Story killed, credibility, trust.

This is an example of a threat model for anyone who deals with protestors, complainants, or others who might be targets of others

What info do you want to keep? Identity/location of sources. Why might someone want it? To intimidate, attack, smear. What can they do? Guess/hack password, phishing, metadata, mobile trail, more. What might happen? Source attacked, imprisoned, trust.

When dealing with whistleblowers, leaks, or sources in oppressive regimes, you need to protect identity and location. Here’s a sample threat model for that.

What info? Documents. Why? To prevent publication, identify sources. What can they do? Guess, hack, phish passwords for cloud services. Legal avenues etc. What might happen? Story killed, credibility damaged, sources don't trust.

When working with documents, you may need to prevent others getting access to them. Here’s a sample threat model for that.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s