Header Ads

Introduction To Threat Assessment.

Threat Assessment
Image Source: Google Image Search
Ethical Hackers Club regularly receives queries related to online safety strategies but, there isn't any single solution available to stay safe online. Digital security isn’t about which tools you use; rather, it’s about understanding the threats you may face and the countermeasures for the same. To stay more secure, you must decide what needs to be protected, and whom you need to protect it from. Threats may change depending on your location, on what you are doing, and whom you are working with. Therefore, in order to determine what solutions will be best for you, you should conduct a threat modeling assessment.

Lets Have A Closer Look At Threat Modeling:

There are Five Main Questions To Be Considered While Conducting an Assessment:

  1. What do you want to protect?
  2. From Whom To Protect?
  3. How Badly Is It That You Need To Protect?
  4. How Bad Will The Consequences Be If You Fail To Protect?
  5. How Much Efforts Are You Willing To Apply In Order To Protect It?
When we talk about the first question, and when we are talking about digital security, it's always the information that we need to protect. For example, your emails, contact lists, instant messages, and files are all assets you may be willing to protect. Even Your Digital devices are assets here.

Note down the list of data that you have, where is it located, who has the permissions to access those, and what stops others from accessing the same.

In order to answer the second question, “From Whom Do You Want To Protect?” it’s important to understand who might target you or your information.

Examples of potential threats for your information can be a hacker on a public network, your boss, or your government.

Create the list of people willing to get a hold of your data or communications. It might be an individual, a government agency, or a corporation.
Something wrong that happens to your data can be considered as a threat. There are numerous ways that an opponent can threaten your data. For example, your opponent can delete or corrupt your data they may even read your personal conversations to use them against you. Your enemy could also disable your access to your own data.

The motives & attacks of your opponents differ widely.
Write down what your opponent might wish to do with your private data.

The capability of your attacker is also an important factor to be considered. For example,  A hacker on an open Wi-Fi network can access your unencrypted communications. your mobile phone Service provider has access to all of your phone records and therefore has the capability to use that data against you. Your government might have stronger capabilities.
A final point to consider is the risk. The risk is the probability that a selective threat against a particular information can actually occur. While your mobile phone service provider has the capability to access all of your data, the risk of your service provider posting your private data online to harm your reputation is low.
It is important to differentiate between threats and the risks. While a threat is a bad condition that can happen, the risk is the probability that the threat will occur. 
Conducting a risk analysis is both a personal and a subjective process; not everyone has the same priorities about threats in the same way. Many people find certain threats unacceptable no matter what the risk because the small presence of the threat at any possibility is not worth the cost. In other cases, people ignore high risks because they don't view the threat as a problem.

In our civilized society today, we need our confidential data to be secure and private. 

And, of course, stay on top of the latest consumer and mobile security threats by following us on Twitter, and Like us on Facebook.

No comments

Powered by Blogger.