Purpose & Outputs
In this exercise, you can consider each of the threats you identified and prioritised in Section II in light of the gaps in your existing security practices and your vulnerabilities. This will give a much clearer picture of where you need to begin building new capacities.
Input & Materials
To carry out this exercise, you need to a) have identified and prioritised threats in Exercise 2.5b, and b) collated the output from Exercise 3.1a above.
Use pens and paper or other writing materials.
Format & Steps
Return to the threats identified in your Threat Brainstorm and the existing capacities and practices you identified.h
Here, you can attempt to identify the gaps in your existing practices and your vulnerabilities, relative to each of the questions you answered previously. Consider the following questions:
Whom/What is under threat? Identify here what gaps or vulnerabilities (if any) are making this person or thing more vulnerable to the threat. Vulnerabilities could include:
- in the case of judicial harassment, a person having little legal knowledge, or
- in the case of computer confiscation, the hard-drives having no password. or disk encryption
Who is behind the threat? What vulnerabilities or gaps exist in our ability to influence this actor? For example, if there is no way of directly engaging with the actor to create acceptance of your work or deter an attack, this could be considered a gap.
How: What information is necessary for them to carry out the attack? Is it difficult to control the flow of information – are there any vulnerabilities in the way you deal with information relevant to your work that may facilitate this threat or make it more damaging?
Where: What aspects of the physical spaces around us (e.g. buildings, vehicles, private property) may make this threat more probable or more damaging? In the case of an office raid and theft, for example, having weak locks on the doors would be a vulnerability.
Psychological, emotional and health considerations: In the context of this threat, how might stress, tiredness etc. affect you? What gaps or vulnerabilities exist in your well-being practices that may make this threat more likely, or more damaging?