Threat Inventory

Explore detail 09

Purpose & Output

This exercise will help you prioritise threats and divine the causes, ramifications, sources as well as the required resources, existing actions and possible next steps.

The output of this exercise is an inventory of your prioritised threats in some detail, which will be used in Chapter 3.1 Responding to Threats to help you create plans of action.

Input & Materials

  • Actor and relational maps
  • Information ecosystem
  • Security indicators
  • Impact/Likelihood matrix


  • Pen and paper
  • Flip-chart
  • Markers

Format & Steps

First, beginning with the threat brainstorm from the previous exercise, consider the threats listed in terms of their likelihood and impact. Make a selection of those you consider to be most likely and as having the strongest impact to use for the next exercise.

It may be useful to separate and organise threats according to particular activities (e.g. separating those which specifically arise in the context of protests from those which relate to the day-to-day running of your office).

Start with what you consider the highest priority threat, based on the impact/likelihood matrix, and using the example template provided, elaborate (individually or in a group).

Write down the title and summary of the threats.

For each threat, if it is a complex threat, you may decide to divide and analyse sub-threats (for instance, an office raid and arrest may be easier to analyse if separated to include the numerous consequences each would include – potentially arrests, confiscation of devices, judicial harassment, etc.). Use the rows to expand each of the below per sub-threat.

Work through the following questions for each threat. It is possible that some threats are complex, and some of the answers require their own space. Use as many rows as necessary. If, for instance, a threat constitutes an attack on a person, as well as the information they are carrying, you may want to use one row to describe the informational aspects and another for the person in question.

What: Describe what happens if the threat is carried out. Think of the impact it might have on you, your organisation, your allies. Include damages to physical space, human stress and trauma, informational compromise, etc.

Who: Identify the person/organisation/entity behind the threat: Referring back to the actor map, you can focus on information regarding this specific adversary:

  • What are their capabilities?
  • What are their limitations to carrying out these threats?
  • Are there neutral parties or allies that can influence them?
  • Is there a history of such action against you or an ally?

Whom/what: identify the potential target of the threat; specific information being stolen, a specific person under attack (physically, emotionally, financially), material and resource under threat (confiscation or destruction of property).

How: What information is needed? What information is necessary for the adversary to be able to carry out the threat? Where might they get this information?

Where: describe the place where the potential attack might take place. Does an attacker need access to the same location as you, as is often the case in a physical attack? What are the characteristics of the location in question? How can we you it to keep safe? What is more dangerous about it?

Elaborate on the psychological, emotional and health factors  as they relate to this threat, including the effect your stress levels, tiredness, fear and other factors on the potential occurrence of this threat. Consider:

  1. How might your current mindset affect any planning and contingency measures being carried out?
  2. Does this threat take place in the context of a particular activity? What kind of mental or physical state do you find yourself in during such activities? What are some best practices which may protect you, or what might make you more vulnerable?
  3. What elements of your behaviour or state of mind may actually increase the probability of this happening, or its impact?