CINXE.COM

Your Security Plan | Surveillance Self-Defense

<!DOCTYPE html> <html> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="/favicon.ico" type="image/x-icon" /> <link href="https://ssd.eff.org/module/your-security-plan" rel="alternate" hreflang="en" /> <link href="https://ssd.eff.org/am/module/your-security-plan" rel="alternate" hreflang="am" /> <link href="https://ssd.eff.org/ar/module/your-security-plan" rel="alternate" hreflang="ar" /> <link href="https://ssd.eff.org/es/module/your-security-plan" rel="alternate" hreflang="es" /> <link href="https://ssd.eff.org/fr/module/your-security-plan" rel="alternate" hreflang="fr" /> <link href="https://ssd.eff.org/ru/module/your-security-plan" rel="alternate" hreflang="ru" /> <link href="https://ssd.eff.org/tr/module/your-security-plan" rel="alternate" hreflang="tr" /> <link href="https://ssd.eff.org/vi/module/your-security-plan" rel="alternate" hreflang="vi" /> <link href="https://ssd.eff.org/pt-br/module/your-security-plan" rel="alternate" hreflang="pt-br" /> <link href="https://ssd.eff.org/zh-hans/module/your-security-plan" rel="alternate" hreflang="zh-hans" /> <link href="https://ssd.eff.org/my/module/your-security-plan" rel="alternate" hreflang="my" /> <link href="https://ssd.eff.org/ps/module/your-security-plan" rel="alternate" hreflang="ps" /> <link href="https://ssd.eff.org/th/module/your-security-plan" rel="alternate" hreflang="th" /> <link href="https://ssd.eff.org/ur/module/your-security-plan" rel="alternate" hreflang="ur" /> <link rel="publisher" href="https://www.eff.org/" /> <meta property="og:url" content="https://ssd.eff.org/module/your-security-plan" /><meta property="og:title" content="Your Security Plan" /><meta property="og:type" content="website" /><meta property="og:url" content="https://ssd.eff.org/module/your-security-plan" /><meta property="og:image" /><meta property="og:image:width" content="1200" /><meta property="og:image:height" content="600" /><meta property="og:description" content="Trying to protect all your data from everything all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that’s best for you. Security isn’t just about the tools you use or the software you download...." /><meta property="twitter:card" content="summary_large_image" /><meta name="twitter:site" content="@eff" /><meta name="twitter:creator" content="@eff" /> <title>Your Security Plan | Surveillance Self-Defense</title> <meta name="csrf-param" content="authenticity_token" /> <meta name="csrf-token" content="ocYV1WSxpRr+WalXCejNI3qNO0HqOFkqsp41+ZwKXj7lFyIstX5RSVefSb/Peyhc3ccdXeOUQz7POAzN00bGLA==" /> <link rel="stylesheet" media="all" href="/assets/application-42f6a7370ecadbe095d756d14d354e6064345f0cb75e22065653ec659ade0a15.css" /> </head> <body class="guides-section show-action guide-27 guide-your-security-plan" lang="en"> <a href="#main-content" class="sr-only">Skip to main content</a> <div id="off-canvas" class="off-canvas" role="navigation" aria-label="mobile-navigaton"> <ul> <li><a href="/pages/about-surveillance-self-defense">About</a></li> <li class="has-dropdown"> <a href="#">Language</a> <ul class="dropdown list"> <li dir="ltr" lang="en"><a class="active" href="https://ssd.eff.org/module/your-security-plan"><span>English</span></a></li> <li dir="ltr" lang="am"><a href="https://ssd.eff.org/am/module/%E1%8B%A8%E1%88%9A%E1%8B%AB%E1%8C%8B%E1%8C%A5%E1%88%9D%E1%8B%8E-%E1%8A%A0%E1%8B%B0%E1%8C%8B%E1%8B%8E%E1%89%BD%E1%8A%95-%E1%88%98%E1%8C%88%E1%88%9D%E1%8C%88%E1%88%9D"><span>አማርኛ</span></a></li> <li dir="rtl" lang="ar"><a href="https://ssd.eff.org/ar/module/%D8%AA%D9%82%D9%8A%D9%8A%D9%85-%D8%A7%D9%84%D9%85%D8%AE%D8%A7%D8%B7%D8%B1-%D8%A7%D9%84%D8%AE%D8%A7%D8%B5%D8%A9-%D8%A8%D9%83"><span>العربية</span></a></li> <li dir="ltr" lang="es"><a href="https://ssd.eff.org/es/module/evaluando-tus-riesgos"><span>Español</span></a></li> <li dir="ltr" lang="fr"><a href="https://ssd.eff.org/fr/module/votre-plan-de-s%C3%A9curit%C3%A9"><span>Français</span></a></li> <li dir="ltr" lang="ru"><a href="https://ssd.eff.org/ru/module/%D0%BE%D1%86%D0%B5%D0%BD%D0%BA%D0%B0-%D1%80%D0%B8%D1%81%D0%BA%D0%BE%D0%B2"><span>Русский</span></a></li> <li dir="ltr" lang="tr"><a href="https://ssd.eff.org/tr/module/risklerinizi-de%C4%9Ferlendirmek"><span>Türkçe</span></a></li> <li dir="ltr" lang="vi"><a href="https://ssd.eff.org/vi/module/%C4%91%C3%A1nh-gi%C3%A1-r%E1%BB%A7i-ro-c%E1%BB%A7a-b%E1%BA%A1n"><span>Tiếng Việt</span></a></li> <li dir="ltr" lang="pt-br"><a href="https://ssd.eff.org/pt-br/module/avaliando-seus-riscos"><span>Português</span></a></li> <li dir="ltr" lang="zh-hans"><a href="https://ssd.eff.org/zh-hans/module/b84a0e54-1b28-4271-a6b8-1ca547204988"><span>Mandarin</span></a></li> <li dir="ltr" lang="my"><a href="https://ssd.eff.org/my/module/%E1%80%92%E1%80%85%E1%80%BA%E1%80%82%E1%80%BB%E1%80%85%E1%80%BA%E1%80%90%E1%80%9A%E1%80%BA%E1%80%9C%E1%80%AF%E1%80%B6%E1%80%81%E1%80%BC%E1%80%AF%E1%80%B6%E1%80%9B%E1%80%B1%E1%80%B8%E1%80%A1%E1%80%85%E1%80%AE%E1%80%A1%E1%80%85%E1%80%89%E1%80%BA"><span>Burmese</span></a></li> <li dir="rtl" lang="ps"><a href="https://ssd.eff.org/ps/module/%D8%B3%D8%AA%D8%A7%D8%B3%D9%88-%D8%AF-%D8%A7%D9%85%D9%86%DB%8C%D8%AA-%D9%BE%D9%84%D8%A7%D9%86"><span>پښتو</span></a></li> <li dir="ltr" lang="th"><a href="https://ssd.eff.org/th/module/%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%A1%E0%B8%B4%E0%B8%99%E0%B8%84%E0%B8%A7%E0%B8%B2%E0%B8%A1%E0%B9%80%E0%B8%AA%E0%B8%B5%E0%B9%88%E0%B8%A2%E0%B8%87"><span>ภาษาไทย</span></a></li> <li dir="rtl" lang="ur"><a href="https://ssd.eff.org/ur/module/%D8%A7%D9%BE%D9%86%DB%92-%D8%AE%D8%AF%D8%B4%D8%A7%D8%AA-%DA%A9%D8%A7-%D8%AA%D8%B9%DB%8C%D9%86-%DA%A9%D8%B1%D9%86%D8%A7"><span>اردو</span></a></li> <li><a href="/en/other-translations">More Translations</a></li> </ul> </li> <li><a href="/#index">Index</a></li> <li class="search"> <form autocomplete="off" action="/search" accept-charset="UTF-8" method="get"> <label class="sr-only" for="q"><span class="translation_missing" title="translation missing: en.layouts.application.keywords">Keywords</span></label> <input type="text" name="q" id="q" /> <button>Search</button> </form> </li> </ul> <div class="close-menu"><a href="#">&times;</a></div> </div> <div id="page"> <div id="branding-bar"> <nav id="navbar" class="top-bar" role="navigation"> <ul class="inline menu" dir="ltr"> <li><a href="/pages/about-surveillance-self-defense">About</a></li> <li class="has-dropdown"> <a href="#" onclick="return false">Language</a> <ul class="dropdown list"> <li dir="ltr" lang="en"><a class="active" href="https://ssd.eff.org/module/your-security-plan"><span>English</span></a></li> <li dir="ltr" lang="am"><a href="https://ssd.eff.org/am/module/%E1%8B%A8%E1%88%9A%E1%8B%AB%E1%8C%8B%E1%8C%A5%E1%88%9D%E1%8B%8E-%E1%8A%A0%E1%8B%B0%E1%8C%8B%E1%8B%8E%E1%89%BD%E1%8A%95-%E1%88%98%E1%8C%88%E1%88%9D%E1%8C%88%E1%88%9D"><span>አማርኛ</span></a></li> <li dir="rtl" lang="ar"><a href="https://ssd.eff.org/ar/module/%D8%AA%D9%82%D9%8A%D9%8A%D9%85-%D8%A7%D9%84%D9%85%D8%AE%D8%A7%D8%B7%D8%B1-%D8%A7%D9%84%D8%AE%D8%A7%D8%B5%D8%A9-%D8%A8%D9%83"><span>العربية</span></a></li> <li dir="ltr" lang="es"><a href="https://ssd.eff.org/es/module/evaluando-tus-riesgos"><span>Español</span></a></li> <li dir="ltr" lang="fr"><a href="https://ssd.eff.org/fr/module/votre-plan-de-s%C3%A9curit%C3%A9"><span>Français</span></a></li> <li dir="ltr" lang="ru"><a href="https://ssd.eff.org/ru/module/%D0%BE%D1%86%D0%B5%D0%BD%D0%BA%D0%B0-%D1%80%D0%B8%D1%81%D0%BA%D0%BE%D0%B2"><span>Русский</span></a></li> <li dir="ltr" lang="tr"><a href="https://ssd.eff.org/tr/module/risklerinizi-de%C4%9Ferlendirmek"><span>Türkçe</span></a></li> <li dir="ltr" lang="vi"><a href="https://ssd.eff.org/vi/module/%C4%91%C3%A1nh-gi%C3%A1-r%E1%BB%A7i-ro-c%E1%BB%A7a-b%E1%BA%A1n"><span>Tiếng Việt</span></a></li> <li dir="ltr" lang="pt-br"><a href="https://ssd.eff.org/pt-br/module/avaliando-seus-riscos"><span>Português</span></a></li> <li dir="ltr" lang="zh-hans"><a href="https://ssd.eff.org/zh-hans/module/b84a0e54-1b28-4271-a6b8-1ca547204988"><span>Mandarin</span></a></li> <li dir="ltr" lang="my"><a href="https://ssd.eff.org/my/module/%E1%80%92%E1%80%85%E1%80%BA%E1%80%82%E1%80%BB%E1%80%85%E1%80%BA%E1%80%90%E1%80%9A%E1%80%BA%E1%80%9C%E1%80%AF%E1%80%B6%E1%80%81%E1%80%BC%E1%80%AF%E1%80%B6%E1%80%9B%E1%80%B1%E1%80%B8%E1%80%A1%E1%80%85%E1%80%AE%E1%80%A1%E1%80%85%E1%80%89%E1%80%BA"><span>Burmese</span></a></li> <li dir="rtl" lang="ps"><a href="https://ssd.eff.org/ps/module/%D8%B3%D8%AA%D8%A7%D8%B3%D9%88-%D8%AF-%D8%A7%D9%85%D9%86%DB%8C%D8%AA-%D9%BE%D9%84%D8%A7%D9%86"><span>پښتو</span></a></li> <li dir="ltr" lang="th"><a href="https://ssd.eff.org/th/module/%E0%B8%81%E0%B8%B2%E0%B8%A3%E0%B8%9B%E0%B8%A3%E0%B8%B0%E0%B9%80%E0%B8%A1%E0%B8%B4%E0%B8%99%E0%B8%84%E0%B8%A7%E0%B8%B2%E0%B8%A1%E0%B9%80%E0%B8%AA%E0%B8%B5%E0%B9%88%E0%B8%A2%E0%B8%87"><span>ภาษาไทย</span></a></li> <li dir="rtl" lang="ur"><a href="https://ssd.eff.org/ur/module/%D8%A7%D9%BE%D9%86%DB%92-%D8%AE%D8%AF%D8%B4%D8%A7%D8%AA-%DA%A9%D8%A7-%D8%AA%D8%B9%DB%8C%D9%86-%DA%A9%D8%B1%D9%86%D8%A7"><span>اردو</span></a></li> <li><a href="/pages/other-translations"><span class="translation_missing" title="translation missing: en.layouts.application.more_translations">More Translations</span></a></li> </ul> </li> <li><a href="/#index">Index</a></li> <li class="search"> <form autocomplete="off" action="/search" accept-charset="UTF-8" method="get"> <label class="sr-only" for="q"><span class="translation_missing" title="translation missing: en.layouts.application.keywords">Keywords</span></label> <input type="text" name="q" id="q" value="" class="hide" /> <button>Search</button> </form> </li> </ul> <a href="/">ssd.eff.org</a> <a href="#off-canvas" class="open-menu">&#x2261;</a> </nav> </div> <header class="center"> <a class="logo" href="/" title="Home"> <img alt="Home" class="img-responsive" src="/assets/logo-eba4d85a4e344c3517f7dbff8da80c517937dd9dc3bf42c3f5b77444be4487b9.png" /> </a> <div class="site-name">Surveillance<br/>Self-Defense</div> </header> <div id="main-content"> <div class="content"> <p class="breadcrumbs" dir="ltr"> <a href="/module-categories/basics">&lt; Basics</a> </p> <h1 dir="ltr">Your Security Plan</h1> <p dir="ltr"><strong><span class="translation_missing" title="translation missing: en.guides.show.last_reviewed">Last Reviewed</span></strong>: October 27, 2023</p> <div dir="ltr"><div class="content"><p>Trying to protect all your <a class="glossary-term" href="/glossary/data" data-term_id="163" data-description='&lt;div class="header"&gt; &lt;h3&gt;&lt;a href="/glossary/data"&gt;Data&lt;/a&gt;&lt;/h3&gt; &lt;button class="close" aria-describedby="tooltip-action"&gt;&lt;span class="icon"&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;Any kind of information, typically stored in a digital form. Data can include documents, pictures, keys, programs, messages, and other digital information or files.&lt;/p&gt; '>data <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a> from everything all the time is impractical and exhausting. But, have no fear! Security is a process, and through thoughtful planning, you can put together a plan that’s best for you. Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.</p> <p>In computer security, a <a class="glossary-term" href="/glossary/threat" data-term_id="135" data-description='&lt;div class="header"&gt; &lt;h3&gt;&lt;a href="/glossary/threat"&gt;Threat&lt;/a&gt;&lt;/h3&gt; &lt;button class="close" aria-describedby="tooltip-action"&gt;&lt;span class="icon"&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; In computer security, a threat is a potential event that could undermine your efforts to defend your data. Threats can be intentional (conceived by attackers), or they could be accidental (you might leave your computer turned on and unguarded). '>threat <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a> is a potential event that could undermine your efforts to defend your data. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. This is the process of security planning, often referred to as “<a class="glossary-term" href="/glossary/threat-model" data-term_id="136" data-description="&lt;div class=&quot;header&quot;&gt; &lt;h3&gt;&lt;a href=&quot;/glossary/threat-model&quot;&gt;Threat model&lt;/a&gt;&lt;/h3&gt; &lt;button class=&quot;close&quot; aria-describedby=&quot;tooltip-action&quot;&gt;&lt;span class=&quot;icon&quot;&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;A way of thinking about the sorts of protection you want for your data so you can decide which potential threats you are going to take seriously. It's impossible to protect against every kind of trick or adversary, so you should concentrate on which people might want your data, what they might want from it, and how they might get it. Coming up with a set of possible threats you plan to protect against is called threat modeling or assessing your risks.&lt;/p&gt; ">threat modeling <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a>.”</p> <p>This guide will share how to make a security plan for your digital information and how to determine what solutions are best for you.</p> <p>What does a security plan look like? Let’s say you want to keep your house and possessions safe. Here are a few questions you might ask, using some keywords like “<a class="glossary-term" href="/glossary/asset" data-term_id="85" data-description='&lt;div class="header"&gt; &lt;h3&gt;&lt;a href="/glossary/asset"&gt;Asset&lt;/a&gt;&lt;/h3&gt; &lt;button class="close" aria-describedby="tooltip-action"&gt;&lt;span class="icon"&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;In threat modeling, any piece of data or a device that needs to be protected.&lt;/p&gt; '>assets <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a>” and “adversaries” that will come up again later:</p> <p><strong>What do I have inside my home that is worth protecting?</strong></p> <ul> <li>Assets could include: jewelry, electronics, financial documents, passports, or photos</li> </ul> <p><strong>Who do I want to protect it from?</strong></p> <ul> <li>Adversaries could include: burglars, roommates, or guests</li> </ul> <p><strong>How likely is it that I will need to protect it?</strong></p> <ul> <li> <p>Does my neighborhood have a history of burglaries? How trustworthy are my roommates/guests? What are the capabilities of my adversaries? What are the risks I should consider?</p> </li> </ul> <p><strong>How bad are the consequences if I fail?</strong></p> <ul> <li> <p>Do I have anything in my house that I cannot replace? Do I have the time or money to replace these things? Do I have insurance that covers goods stolen from my home? Are there other people in my life whose security will be compromised if these threats occur?</p> </li> </ul> <p><strong>How much trouble am I willing to go through to prevent these consequences?</strong></p> <ul> <li> <p>Am I willing to buy a safe for sensitive documents? Can I afford to buy a high-quality lock? Do I have time to open a security box at my local bank and keep my valuables there?</p> </li> </ul> <p><strong>Who are my allies?</strong></p> <ul> <li> <p>Are there people I live with that could help protect the things I care about? Are there neighbors who might know more about where we live and the resources we have access to?</p> </li> </ul> <p>Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable, but the probability of a break-in is low, then you may not want to invest too much money in a lock. But, if the probability of a break-in is high, you’ll want to get the best lock on the market, and consider adding a security system.</p> <p>You may already begin to sense that there is no definitive answer to these questions. Rather, you have to make judgments based on what you value and the likelihood that some threat could come to pass. That is the essence of this exercise; making educated decisions based on measuring severity of impact of threats, likelihood of them occurring, and prioritizing what things you want to protect.</p> <a name="how-do-i-make-my-own-security-plan-where-do-i-start"> </a><h2>How do I make my own security plan? Where do I start? <a href="#how-do-i-make-my-own-security-plan-where-do-i-start" class="anchor">anchor link</a> </h2> <p>When building a security plan answer these six questions:</p> <ol> <li aria-level="1">What do I want to protect?</li> <li aria-level="1">Who do I want to protect it from?</li> <li aria-level="1">How bad are the consequences if I fail?</li> <li aria-level="1">How likely is it that I will need to protect it?</li> <li aria-level="1">How much trouble am I willing to go through to try to prevent potential consequences?</li> <li aria-level="1">Who are my allies?</li> </ol> <p>Let’s take a closer look at each of these questions.</p> <a name="what-do-i-want-to-protect"> </a><h3>What do I want to protect? <a href="#what-do-i-want-to-protect" class="anchor">anchor link</a> </h3> <p>An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example it could be your emails, contact lists, direct messages, location, or other documents. Your devices themselves may also be assets.</p> <p><em>Make a list of your assets: data that you keep, where it’s kept, who has access to it, and what stops others from accessing it.</em></p> <a name="who-do-i-want-to-protect-it-from"> </a><h3>Who do I want to protect it from? <a href="#who-do-i-want-to-protect-it-from" class="anchor">anchor link</a> </h3> <p>To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is an “<a class="glossary-term" href="/glossary/adversary" data-term_id="81" data-description='&lt;div class="header"&gt; &lt;h3&gt;&lt;a href="/glossary/adversary"&gt;Adversary&lt;/a&gt;&lt;/h3&gt; &lt;button class="close" aria-describedby="tooltip-action"&gt;&lt;span class="icon"&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;Your adversary is the person or organization attempting to undermine your security goals. Adversaries can be different, depending on the situation. For instance, you may worry about criminals spying on the network at a cafe, or your classmates logging into your accounts on a shared computer at a school. Often the adversary is hypothetical.&lt;/p&gt; '>adversary <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a>.” Examples of potential adversaries are your boss, law enforcement, your former partner, your business competition, your government, or a hacker on a public network. It could even include people you would otherwise trust who might accidentally compromise your assets by being careless with their own security plans.</p> <p><em>Make a list of potential or known adversaries, or those who might want to get ahold of your assets. Your list may include individuals, a government agency, or corporations. Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you’re done security planning.</em></p> <a name="how-bad-are-the-consequences-if-i-fail"> </a><h3>How bad are the consequences if I fail? <a href="#how-bad-are-the-consequences-if-i-fail" class="anchor">anchor link</a> </h3> <p>There are many ways an adversary could gain access to your data. For example, an adversary could get you to click on a malicious link sent to your email address that compromises your computer. Or more simply, it could be someone screenshotting your private DM’s and using that information against you.</p> <p>The motives of adversaries differ widely, as do their tactics. Some might be highly technically sophisticated, while others are more like scams made to gain your trust and ultimately betray it.</p> <p>Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the <a class="glossary-term" href="/glossary/capability" data-term_id="150" data-description="&lt;div class=&quot;header&quot;&gt; &lt;h3&gt;&lt;a href=&quot;/glossary/capability&quot;&gt;Capability&lt;/a&gt;&lt;/h3&gt; &lt;button class=&quot;close&quot; aria-describedby=&quot;tooltip-action&quot;&gt;&lt;span class=&quot;icon&quot;&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;The capability of an attacker (in the sense we use it in this guide) is what it is able to do to achieve its aims. For example, a country's security services might have the capability to listen to telephone calls while a neighbor may have the capability to watch you from their window. To say that an attacker &lt;em&gt;“&lt;/em&gt;has&lt;em&gt;&quot;&lt;/em&gt; a capability does not mean that they will necessarily use that capability. It does mean that you should consider and prepare for the possibility.&lt;/p&gt; ">capability <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a> of your adversary. For example, your mobile phone provider has access to all your phone records. Your government might have stronger capabilities.</p> <p><em>Write down what your adversary might want to do with your private data.</em></p> <a name="how-likely-is-it-that-i-will-need-to-protect-it"> </a><h3>How likely is it that I will need to protect it? <a href="#how-likely-is-it-that-i-will-need-to-protect-it" class="anchor">anchor link</a> </h3> <p><a class="glossary-term" href="/glossary/risk-assessment" data-term_id="130" data-description='&lt;div class="header"&gt; &lt;h3&gt;&lt;a href="/glossary/risk-assessment"&gt;Risk assessment&lt;/a&gt;&lt;/h3&gt; &lt;button class="close" aria-describedby="tooltip-action"&gt;&lt;span class="icon"&gt;&lt;/span&gt;&lt;/button&gt; &lt;/div&gt; &lt;p&gt;In computer security, risk analysis is calculating the chance that threats might succeed, so you know how much effort to spend defending against them. There may be many different ways that you might lose control or access to your data, but some of them are less likely than others. Conducting a risk assessment means deciding which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about. See threat modeling.&lt;/p&gt; '>Risk <img aria-hidden="true" src="/assets/efforg/info-7ae1fb29e1e734b20023f3e3470316c82b84a7e4b9f1d1e2f49e399f1f8de2d3.png"></a> is the likelihood that a particular threat against a particular asset will actually occur. It goes hand-in-hand with capability. For example, while your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.</p> <p>It is important to distinguish between what might happen and the probability it may happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).</p> <p>Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter the likelihood they will occur because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don’t view the threat as a problem.</p> <p><em>Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.</em></p> <a name="how-much-trouble-am-i-willing-to-go-through-to-try-to-prevent-potential-consequences"> </a><h3>How much trouble am I willing to go through to try to prevent potential consequences? <a href="#how-much-trouble-am-i-willing-to-go-through-to-try-to-prevent-potential-consequences" class="anchor">anchor link</a> </h3> <p>There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.</p> <p>For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a family member who regularly emails funny cat videos.</p> <p><em>Write down what options you have available to you to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.</em></p> <a name="who-are-my-allies"> </a><h3>Who are my allies? <a href="#who-are-my-allies" class="anchor">anchor link</a> </h3> <p>As we’ve indicated several times throughout this guide—digital privacy and security is a team sport that’s best applied with the help of others. This is not just because there is power in numbers, but because your privacy and security overlap with others in your life. If a threat affects you, it could also affect them, and vice versa.</p> <p>Consider who you extend that trust to. For example, consider if someone may be an "insider threat," a person in your trusted network who could betray your security in one way or another. But don’t let the fear of an insider threat discourage you from making connections with others. Rather, use it as a guide to urge you to plan carefully and make sure others in your circles are taking their security seriously as well.</p> <p><em>Open up a dialogue with others who likely share the same concerns you do. Come to some shared agreements about how to care for each other, and what information to trust each other with. </em></p> <a name="security-planning-as-a-regular-practice"> </a><h2>Security planning as a regular practice <a href="#security-planning-as-a-regular-practice" class="anchor">anchor link</a> </h2> <p>Keep in mind your security plan can change as your situation changes. Thus, revisiting your security plan frequently is good practice.</p> <p class="tip">Create your own security plan based on your own unique situation. Then mark your calendar for a date in the future. This will prompt you to review your plan and check back in to determine whether it’s still relevant to your situation.</p> </div></div> </div> </div> </div> <footer> <div class="center"> <a class="logo" href="/" title="Home"> <img src="https://ssd.eff.org/assets/logo-footer-216585e7032331c8163db209c6fba94ae72baee66b6d4e62ef1b67fe534d7c84.png" alt="Surveillance Self-Defense logo" /> </a> <div class="site-name"> Surveillance<br>Self-Defense </div> <div class="footer-nav" role="navigation"> <ul class="flex-parent" dir="ltr"> <li><a href="/pages/about-surveillance-self-defense">About</a></li> <li><a href="/#index">Index</a></li> <li><a href="/glossary">Glossary</a></li> <li><a href="/pages/credits">Credits</a></li> <li><a href="https://supporters.eff.org/donate">Donate</a></li> </ul> </div> </div> </footer> <div id="footer-bottom" class="center" dir="ltr"> <ul class="flex-parent"> <li><a href="https://www.eff.org/copyright">Copyright (CC BY)</a></li> <li><a href="https://www.eff.org/policy">Privacy</a></li> </ul> </div> <script type="importmap" data-turbo-track="reload">{ "imports": { "jquery": "/assets/jquery-dffa084d8915bf507ac4c876f4dedea0cab68baacd9266ff82a66706ef56f264.js", "ckeditor/ckeditor": "/assets/ckeditor/ckeditor-53b7205163eeca5b511b43e34f1df6b2b0b401d11cf2c6884adfbbc4150c2881.js", "jquery-ui/jquery-ui": "/assets/jquery-ui/jquery-ui-0507eea9215b37aa68aced7033f3f0919a5f17b9a8c1ac7308e0fba7fd11e3bd.js", "railsujs": "/assets/railsujs-57c6effce760f866866bfa973534bccaa9f2ae315c8a64066bad179fa22bce0f.js", "select2/select2": "/assets/select2/select2-f79333530e65fc28b0339227e71cfc769d0229c39d7b2955c6045ad5e4f15f65.js", "sortable": "/assets/sortable-37be89ef017d92ccb51699051b444072861ad6d6593081f9935b43c601d955b6.js", "toastui-editor": "/assets/toastui-editor-b824a348e845a818ec06beadd61d1d53a267dd434b98e5fb02c9a80852b52ba2.js", "datatables.net": "/assets/datatables.net-0f394ccc57627c8f9eb6e629fe6db7e959b2cc5d2819e95f0d7fe2ba83dec8b0.js", "application": "/assets/application-48a5218f9ce75c4772ab1f2d4bd5da662eb82e8573e3ba95d4208eba9ed0cc66.js", "cms": "/assets/cms-1b0c9275141f603f9878406f671d40ac25a6cd61b47a6b12530718d687dcd80c.js", "ckeditor/otters-ckeditor": "/assets/ckeditor/otters-ckeditor-a9d8d6e2ba21bd0e980093eb169427f8ff929d81bcf0154096faf46070fdc2c9.js", "otters/cms/manual": "/assets/otters/cms/manual-86f2a686441461c7be9c9d5f8e29dad21a8a1c729cc2d2596c76c8ad1cf89121.js", "otters/cms/menus": "/assets/otters/cms/menus-410967d3575fd76437f229cf5f20e0dfb554346d059baef58f7f7e47488977aa.js", "otters/cms/nodes": "/assets/otters/cms/nodes-66e061029610ef74b7c97ecb095ae1cbf85191696a218851367af5a84a5b718e.js", "otters/cms/search": "/assets/otters/cms/search-05b89023d7b4bae4eb27c390119df904c2a2f2930b17dccd523fbd48dee474fd.js", "otters/cms": "/assets/otters/cms-aacfc3fe121fc90c1ae9907c42fd1ac96381ce40495714d410ebda6d41c3254c.js", "efforg/application": "/assets/efforg/application-17440bb0f83ef30483503814976f91b12a56e4015f179d060f215636a794a0d3.js", "efforg/cms": "/assets/efforg/cms-8e6c351a16668fe27601a562dcef4d608e38a9fadd1ae57d45a575ec1f35ab12.js" } }</script> <link rel="modulepreload" href="/assets/application-48a5218f9ce75c4772ab1f2d4bd5da662eb82e8573e3ba95d4208eba9ed0cc66.js"> <link rel="modulepreload" href="/assets/cms-1b0c9275141f603f9878406f671d40ac25a6cd61b47a6b12530718d687dcd80c.js"> <script src="/assets/es-module-shims.min-d89e73202ec09dede55fb74115af9c5f9f2bb965433de1c2446e1faa6dac2470.js" async="async" data-turbo-track="reload"></script> <script type="module">import "application"</script> <noscript> <img referrerpolicy="no-referrer-when-downgrade" src="https://anon-stats.eff.org/matomo.php?idsite=52&amp;rec=1" style="border:0" alt="" /> </noscript> <script type="text/javascript"> var _paq = window._paq = window._paq || []; /* tracker methods like "setCustomDimension" should be called before "trackPageView" */ _paq.push(['trackPageView']); _paq.push(['enableLinkTracking']); (function() { var u="https://anon-stats.eff.org/"; _paq.push(['setTrackerUrl', u+'matomo.php']); _paq.push(['setSiteId', '52']); var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0]; g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s); })(); </script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10