Threat modeling is foundational to thinking through security broadly, and we therefore introduce it before several other more technical topics. We first encourage the use of physical metaphors (e.g., choosing how and where to lock a bicycle) before introducing digital applications to help beginners understand how they may already create informal threat models in their lives. We then extend this metaphor to the digital realm while conducting the exercise, using the Electronic Frontier Foundation's risk assessment handout.
Note that you will need to print one threat modeling handout in advance for each student.
Upon successful completion of this lesson, students will be able to construct and document a threat model.
Because it's such a useful framing for thinking about security concerns, threat modeling is a foundational concept for all subsequent topics in digital security for journalists. Threat modeling focuses on dissecting a security issue into smaller pieces that can be analyzed. This can help students understand whether they should realistically be concerned about the potential of a security threat, and how to think about the appropriate ways to respond. In this way, threat modeling can help students narrow in on issues worth fixing and how, then shut out the noise, so they can focus on their job.
Try out a threat modeling exercise with your class. Ask them to imagine one piece of information they'd like to keep for only themselves or their student newsroom. What might they do to protect it?
For this exercise, the Electronic Frontier Foundation offers a helpful handout (let students know they will be asked to share what they wrote down): Threat Modeling Activity Handout (English, Spanish)