Threat Modeling Guide: How to identify digital risks in international development projects

Digital security is essential for international development projects. International travel, sensitive communications and online harassment are just some of the areas where international development organizations are sensitive to digital threats. DW Akademie has developed two products to safeguard your organization and employees in the digital sphere: an online tool called Threat Check and a Digital Security: Threat Modeling Guide. Both of these products have been created with project managers of international development organizations in mind.

Designed from lived experiences 

In preparation for developing these products, we interviewed members of civil society from all over the world about times when they lost critical data, were digitally harassed on social media, were under surveillance by a state-driven actor or had to hand over digital devices to the police.  

Digital security threats come in many forms and involve a wide range of actors. Sometimes a threat occurs because an employee logged in to a work account using a personal computer, and sometimes powerful attackers go after activists and their supporters 

The online tool: Threat Check 

When it comes to digital security, it can be hard to know where to begin. To make it as simple as possible, DW Akademie has created Threat Check, an online tool that helps you to identify potential online threats and develop policy recommendations to protect your organization. Threat Check takes the user through eight areas were there are digital security risks, including Device Security, Communication, Online Harassment, Anonymity and Offine Security, among others. To build a tailored digital security policy that best works for you and your staff, simply answer a series of questions and a policy will be presented to you at the end. 

The Threat Modeling Guide 

The Digital Security: Threat Modeling Guide provides you with indepth information about threat modeling, how it works and why it is important. The threat modeling is broken up into four sections which address the questions: 

• What do I want to protect?  
• Who are my attackers? 
• Is my attacker able to succeed?  
• How likely is it that my attacker will succeed? 

Threat modeling involves two types of assessments. First, an analysis of the project’s environment (questions one and two) and an estimation of the likelihood that potential attacks will really happen (questions three and four). 

Together, Threat Check and the Threat Modeling Guide will raise your awareness of the digital threats your organization could face and help you to stop them before they become a problem.