Note: this was the reply I sent to AC when he asked about threat modeling applied to commuting. It's a rather fast and crude explanation but I wanted to leave it as is, I think it explains it ok.
Threat modeling is a process you can use to assess potential threats that you may face that can lead to specific risks occurring. Through this process can assess whether the threats can become a reality by looking at whether the vulnerabilities or weaknesses enabling that threat exist, and then assign mitigation activities.
The process is rather straightforward:
- Identify potential threats
- Assess existing vulnerabilities
- Identify risk scenarios
- Perform a risk analysis
- Assign mitigating actions
Threat modeling when you commute to new or known locations, and traveling to new cities or countries, will help you to remain aware and safe. It’s one of those activities that become easier the more you do it.
When you get into the habit of assessing what can go wrong and what can hurt you, you begin to see patterns across all places and situations and you can begin to build better standards to remain safe.
The Process
Before you threat model, it is important to assess what you need to protect. This list ranges from personal safety to equipment, depending on where you are and what you are carrying. First, then, create a list of those “assets” you want to protect. That’s your “asset inventory.”
As you go through this list, try to divide the list into two major types of assets:
- Primary assets: things that are critical and must remain safe. E.g. your personal safety or your communication device (in some cases)
- Secondary assets: important things that you are less likely to spend time, effort, or money to protect if it means you can remain safe. E.g. your laptop, you watch, or sunglasses
Once you have this list then go through the threat model process:
- Identify potential threats: For each asset (or asset group if you can put a collection of assets together) identify the threats that can affect them. Think about this as your “going into the mind of an attacker” and thinking “if I were to hurt this person to do X, how would I do it?” Or ask yourself the question: what can go wrong? As you answer that question, don’t be shy, list even the things that are ridiculous.
- Assess existing vulnerabilities: Now think about what can cause those threats identified before to happen. Do you have the weaknesses which may be exploited by a bad actor, or might happen as a combination of circumstances to make this threat real?
- Identify risk scenarios: Study where you will be commuting or traveling to. Identify the most likely scenarios that have elements of risk. Examples: lack of cellular phone service, offices are located in a high crime area enhancing the chances of getting robbed, etc.
- Perform a risk analysis: For each risk scenario attach a likelihood and impact. What’s the likelihood of the risk happening based on the threats identified and whether you are vulnerable to that threat, and what is the impact to you? If the risk likelihood is high, but the impact is low, then maybe you wouldn’t worry about it.
- Assign mitigating actions: now that you know the threats and the risks resulting from that, you can identify the actions you can put in place to prevent them. Maybe not traveling is the best option, or maybe not bringing a big backpack that might make you a target is the mitigation, but whatever it is make decisions based on those mitigations or inability to find one.
At the end of the day, the purpose of this exercise is to decide which risks can be accepted and which ones need to be handled or avoided.
Stay safe.