Make it Personal

The individual vulnerability assessment is meant to examine the digital footprint of the individuals of an organization. This assessment is done by identifying intelligence using publicly available resources. The purpose of this assessment is to identify areas that might be vulnerable to exploitation by an attacker attempting to identify the individual.

This assessment is conducted in two phases. First, the individuals digital footprint is assessed. Secondly, a CARA analysis is performed. A CARA analysis focuses on four main areas of an individuals data to make a determination of that individual using their online presence.

  • C - Characteristics: The personal characteristics of the individual that give a sense of the individuals ideology, their personality, and the traits portrayed online that make up their online personality.

  • A - Associations: These are the personal and professional attributes that give a sense of the individuals place in their organizations and their inner circles.

  • R - Reputation: Or personal reputation, how do others online view the individual.

  • A - Affiliations: Who is the individual affiliated with, this is a sense of their connections, their inner circles, their professional associations, etc.

Who is this for?

This type of analysis is popular for individuals of an organization that hold a position of influence or power. Individuals such as members of the C-Suite, directors, owners, or even individuals that will be hired into those positions. However, this type of assessment is not limited to those individuals and can be used for any individual of an organization to identify their online presence and how that may be detrimental for the organization if they were to become an adversarial target, people who are in high ranking technology positions or individuals that have access to potentially sensitive information.

Why perform the individual assessment?

The purpose behind this type of analysis is to identify how the individual relates back to the organization and how that individuals online presence can make the organization a target for attackers in one of many areas to include political advocates, hactivists or hackers, or competitive organizations. This assessment will search for data that can be used to launch an attack against the organization through the individual and provide guidance on how to protect the data or have it removed.