Personal Threat Model Assignment

For this assignment, you will contemplate your own privacy needs and risks and start to develop a personal threat model. A personal threat model is a way of applying security and privacy principles to your own digital life. It is customized for you and is based on your own needs, desires, and values.

Assignment Information

The application area for this assignment is general interest, although formal threat modeling is used in intelligence, business, and information technology. Anyone is welcome to select this assignment, regardless of major.

Prerequisites

Background

Threat modeling is a formal process in which different threats and vulnerabilities in some kind of system (which doesn’t even need to be a computer system) are identified and analyzed. These models are used to guide the implementation of controls (physical, technological, policy, or otherwise) to mitigate the threats and close the vulnerabilities. In some situations, formal threat modeling is an absolute necessity. Examples include cybersecurity, national security, and safeguarding trade secrets, to name just a few.

It is possible to apply the same threat modeling processes used in business and government to assess one’s own security and privacy situation. Numerous articles on this subject are easily located with an Internet search, including:

Of course, creating a personal threat model differs in some inherent ways from formal threat modeling in a professional capacity. Some of these differences include:

  1. A personal threat model is usually a lot less formal than what you would prepare for your company or a government agency, since you have an audience of one who probably doesn’t care about the formality.
  2. It is next to impossible to separate your feelings about your privacy and security from objective facts about the true risks of certain threats and the real capabilities of controls.
  3. Putting too much effort into a personal threat model is a great way to become paranoid, which could lead to negative mental health consequences.

That said, threat modeling is still a useful way to improve your personal privacy and security by allowing you to make educated and reasoned trade-offs between convenience and risk.

Requirements

Begin by reading the above articles and doing a bit of your own research. Organize your thoughts using PowerPoint or LibreOffice Impress slides, and address the following questions:

  1. When it comes to your own privacy and digital security, what do you value? Do you care if large corporations or your government know everything about you? Are you willing to sacrifice your privacy (and perhaps your security) for convenience? Do you trust certain companies to handle your data fairly and properly?
  2. What things about yourself do you want to protect? (You can be vague here and put things into categories… you don’t need to disclose embarrassing things about yourself for the purpose of this assignment.)
  3. Who are the threat actors that might try to access your information or inflict some kind of harm on you?
  4. Realistically speaking, how likely do you think it is that each of these threat actors would target you?
  5. What are the consequences to the present-day version of you if a threat actor manages to compromise your information or harm you in some way?
  6. What are potential consequences to future you (say, 20 years from now) if a threat actor manages to compromise your information or harm you in some way today?
  7. Are your current security and privacy controls adequate to protect you from the threats you have identified? Are you unsure if some of your current controls are adequate?
  8. What goals could you set to implement controls to improve your privacy or security? What changes can you make?

Record a presentation using either screencasting software or your phone. Aim for about 15-20 minutes for the total length of the presentation.

Note that the questions above are deliberately open-ended, since the purpose is for you to reflect on the “big picture.” While this is a CSCI course, it’s important not to focus exclusively on technology-related threats, such as whether or not that “smart” speaker in your bedroom is listening to your private moments. Instead, the objective of personal threat modeling is to consider all the possible threats you face, whether online, offline involving technology, or offline and old-school (like someone breaking into your house). By considering your threat landscape holistically, you can decide which things are more or less important to you as an individual. Knowing these things will then help you determine what technologies you want to have in your life (or your bedroom) by giving you a way to consider the trade-offs between privacy/security and convenience.

Along these same lines, there is no one right or wrong answer to any of these questions. Some people would be perfectly happy living in a glass house and letting everyone see and know everything all the time. Other people are at the opposite extreme and want to keep everything a secret. Most people are probably somewhere in the middle. The purpose of this assignment is really to figure out where you stand and what your priorities are. Grading is therefore based on how well you go through the process of completing this reflection, not on the answers themselves.

Grading

Please review the Personal Threat Model Rubric prior to uploading your video presentation. This rubric explains how this assignment option will be graded and can be used as a checklist to ensure that you have completed all the required parts of the assignment.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.