Risk Assessment

_A RISK ASSESSMENT WILL HELP YOU enumerate the digital threats you’re likely to face in the field in order to decide on a digital security practice that suits your unique needs.

There are many ways to perform a risk assessment, but every framework centers on the same core components:

  1. Your assets: What do I have to protect?
  2. Your adversaries: Who am I concerned about?
  3. Your adversaries’ capabilities: What are likely threats I might face over the course of this project?
  4. Your capabilities: What can I do now to limit the negative impact of these threats?

Begin with the next steps we recommend in the following sections. If you still have questions, contact the digital security trainers at Freedom of the Press Foundation for risk assessment and training services. You can also download this introductory worksheet from Rory Peck Trust to use as an interactive exercise with your team.

Risk Assessment

1. Your assets

What do I have to protect?

Footage, transcripts, messages, contacts - all of these pieces of data make up the vast collection of your digital assets.

Learn more
Risk Assessment

2. Your adversaries

Who am I concerned about?

Some adversaries are immediately obvious: a border agent, or a legal threat. Others may be less obvious, hidden from view or behind a screen a continent away.

Learn more
Risk Assessment

3. Your adversaries’ capabilities

What are likely threats I might face over the course of this project?

The more information you’re able to gather about your adversary early on, the better you’ll be at anticipating their capabilities, and practically protecting your assets based on what you know.

Learn more
Risk Assessment

4. Your capabilities

What can I do now to limit the negative impact of these threats?

At this point, you know who you’re concerned with, and have an idea of what these actors are capable of. In light of your concerns, how far can you go to protect the data you value?

Learn more