Once we have established the threats we face and analysed them in detail, we can begin to analyse how we might respond to them. When it comes to building a security strategy, we're never starting from zero; together with our intuition, which helps us to avoid or respond to threats in our daily life, we also have certain socialised practices – our 'common sense' – which often keeps us out of harm's way.
In this chapter, we'll consider these practices along with our other capacities, as well as our vulnerabilities, in order to foster critical thinking and avoid a false sense of security.
To get the most out of this exercise, be sure to have already completed the context analysis exercises from Section II [link].
Threats, capacities and vulnerabilities
In order to build a response to the threats we face, we can consider them in terms of the factors which make us more or less susceptible to them. These factors are our capacities and vulnerabilities:
capacities help to keep us safer from a particular threat (i.e. reduce its likelihood or its impact)
vulnerabilities make us more susceptible to a threat (i.e. they increase its likelihood or its impact).
Capacities and vulnerabilities may be characteristics of our own, of other actors or our context which are relevant to our security. Once we have identified them, we can take action to reduce our vulnerabilities and build our capacities in order to minimise the likelihood or impact of the threat, therefore minimising the risk that each threat poses.
Existing practices and capacities
As discussed above, it makes sense to begin with an assessment of our current security practices and capacities. Most people will already take a number of basic security measures in daily life: locking the door to your office and having strong passwords for your online accounts constitute security measures. But it doesn’t pay to be complacent - a false sense of security can be dangerous too. We must ask ourselves: do our existing practices relate to the threats we've identified? Have we factored stress-levels and maintaining our general well being into the picture?
Let's consider which of our capacities correspond to the different aspects of the threats we have identified: Some examples would be:
in the case of judicial harassment: good legal knowledge
in the case of computer confiscation: having encrypted hard drives.
In the exercise linked below, you can begin to review the threats you already identified and how they manifest (Who and what would be affected? Where and how would it occur? Who does the threat come from and what knock-on effects will it have?) in light of what practices and capacities you already have.
Identifying gaps and vulnerabilities
The next step starts with a slightly more difficult question: What gaps remain that may make us vulnerable to these threats? What unhelpful attitudes or lack of sufficient knowledge or skills on our part represent vulnerabilities? Considering and identifying our vulnerabilities can be a tough process emotionally. However, this insight also helps us to identify more accurately the new resources and skills we need to build to improve our security.
When thinking about this question, remember that lack of sufficient information, or stress, fear and trauma, can lead us to develop unfounded fears or unrecognised threats. However, we must try to strike the balance between staying informed and overthinking! We can take steps to check our perceptions through group discussions or by talking to trusted allies and friends.
Based on our analysis from the previous exercises, we can reflect on the details we know about the threats we face and our existing practices for preventing or mitigating them. The following exercise is designed to help you identify gaps and vulnerabilities relating to each threat.
Identifying new capacities
By now, we should have a good idea of the threats we face, our capacities and vulnerabilities relative to each of them, as well as some gaps and room for improvement in our practices. These gaps are precisely where we can think about building up new capacities to improve our well-being in action.Try completing the exercise linked below to create an initial brainstorm of the new capacities that you want to develop. These new capacities should correspond, above all, to the gaps and vulnerabilities that you identified in the previous exercise.
Read on through the next Chapters to explore some of the dynamics around how to develop and implement new capacities into an overall security strategy.