tuxwise<p>(7/N) You should now have a spreadsheet filled with a list of all of your data and device "assets" (that you were able to remember, so far).</p><p>BTW, that spreadsheet is stored on encrypted media only, isn't it?</p><p>Now, for each asset, verify again that you have set all appropriate category checkmarks in the columns described under (4/N):</p><p><a href="https://mastodon.de/@tuxwise/113521613245140566" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113521613</span><span class="invisible">245140566</span></a></p><p>Then, considering not just quantifiable damage like a potential loss of money, but also the abstracts assets listed under (3/N) …</p><p><a href="https://mastodon.de/@tuxwise/113514249877671549" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113514249</span><span class="invisible">877671549</span></a></p><p>… reflect a little, per specific asset, how bad the consequences would be if it were disclosed, destroyed, or deanonymized. If you wish, track the consequences in an additional column, possibly using a qualitative range like: 🤷 … 😟 … 😳 … 😭 … 😱</p><p>Unlike with traditional, or "corporate" threat modeling, I find it less helpful to try and merely quantify such an assessment of potential damages, and to separate it from recording the assets. I also find it not helpful to consider various types of bad actors already, at this stage.</p><p>Since everything in our asset list relates to us, individually and personally, measurable damage like a potential loss of money is only a part of the impact.</p><p>As humans, we can't just (more or less) gracefully disappear [*], like a business, or an organization. We also don't get much relief from claiming we've been as diligent as mandated by regulations or policies, since we won't be merely held "accountable" for damages, but will actually suffer from them, physically and psychologically, possibly for life.</p><p>Start of this thread:<br><a href="https://mastodon.de/@tuxwise/113503228291818865" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mastodon.de/@tuxwise/113503228</span><span class="invisible">291818865</span></a></p><p><a href="https://mastodon.de/tags/ThreadModeling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreadModeling</span></a> <a href="https://mastodon.de/tags/4D" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>4D</span></a> </p><p>[*] No, not even in countries with moderate tracking of the whereabouts and names of their citizens.</p>