- ~ posted 20 September 2015 at 00:40
It has been great to hear about a couple of human rights education (HRE) efforts lately. As a security person and newcomer to these conversations, it has been refreshing to learn that those creating these HRE programs are very mindful of the risks that attending such a program might create for the participant. At some point, the conversation generally turns to "what are the specific risks, and how can we reduce them?"
That is where threat modeling can help.
With that in mind, I've started to put together two models that are hopefully useful in HRE settings generally. The first model below describes the risks to attendees and appropriate risk mitigation options.
Looking at these you may be thinking that it is overkill for an education platform. Thinking about the types of topics HRE platforms might offer and the types of abuses that take place, security and privacy are actually quite important.
This second model focuses on risks for the HRE platform or presenting organization.
What are these missing? Are there other risks or mitigations that should be included? Let me know what you think!