FAMILY & HOUSEHOLD DIGITAL EXPOSURE ASSESSMENT
[PRINCIPAL / FAMILY NAME - ASSESSMENT TITLE]
Defensive, consent-based assessment of the digital exposure of the principal’s family members and household - spouse/partner, children, other resident relatives, and domestic/staff members - and the attack surface this household constellation presents to an adversary targeting the principal. Center of gravity: enumerate what is discoverable about each household member through lawful open sources, assess how each member’s exposure chains into harm against the principal (cross-contamination, social-engineering bridge, physical approach via family routine, leverage/coercion vector), and prioritize household-wide remediation. This is the family/household exposure picture. It does NOT: reassess the principal’s own digital footprint (see Digital Footprint & Exposure Assessment); assess the physical security, perimeter, or structural vulnerability of the residence (see Residential Vulnerability & Threat Assessment); technically assess the home network, connected/IoT devices, or smart-home attack surface (Home Network & IoT Security Assessment); or investigate the adversary/threat actor (see Subject Threat Assessment / Protective Intelligence Assessment). It assesses the household’s collective exposure as it bears on the principal’s safety - it is not an investigation of any household member as an independent subject.
Document Control
| Field | Entry |
|---|---|
| Report Reference | [REF-YYYY-###] |
| Date of Report | [ ] |
| Classification / Handling | [e.g., CONFIDENTIAL // CLIENT EYES ONLY] |
| Client / Sponsor | [ ] |
| Requesting Party | [ ] |
| Principal / Household Head | [ ] |
| Household Members Assessed | [ ] |
| Consent / Authority Basis | [e.g., signed assessment authorization on file - ref; note any members who did not consent and were excluded] |
| Assessment Window (as-of) | [e.g., collection start–end dates; footprint is time-bound] |
| Prepared By | [ ] |
| Reviewed By | [ ] |
| Approving Officer | [ ] |
| Version | [ ] |
| Distribution | [ ] |
Handling, Legal & Ethical Caveat
State classification/TLP marking; confirm this is a consent-based household exposure assessment of the named principal and their consenting household members, conducted on lawful, publicly available information only (least-intrusive means; no authentication to or access of any account, system, or paywalled/restricted data the member does not own and authorize; no breach-data exfiltration). Note data-protection handling (GDPR/CCPA as applicable) for the principal and for each household member - especially minors, whose data warrants heightened sensitivity. State that this is not a consumer report and not to be used for FCRA-permissible-purpose decisions. Note the assessment is collected under footprint-minimization (the assessment must not itself enlarge any household member’s exposure or tip an adversary). Where suppression/legal-takedown action is contemplated, route to counsel. Where a household member declined consent, note the exclusion and the resulting assessment gap.
Household Exposure Snapshot
One-glance card: household composition (count of members by role), number of confirmed exposure items by severity band, headline household exposure rating, and the single most urgent cross-contamination remediation - all [ ] placeholders, no findings.
| Field | Entry |
|---|---|
| Principal (role / profile) | [e.g., role, public-profile level, threat context] |
| Household Members in Scope | [ ] (adults [ ] / minors [ ] / domestic staff [ ]) |
| Members Declining Consent / Excluded | [ ] |
| Confirmed Exposure Items (household-wide) | [ ] (Critical [ ] / High [ ] / Elevated [ ] / Moderate [ ] / Low [ ]) |
| Headline Household Exposure Rating | [e.g., band per §15 register] |
| Most Urgent Cross-Contamination Remediation | [ ] |
| Overall Analytic Confidence | [e.g., HIGH / MODERATE / LOW] |
Table of Contents
Numbered to the sections below; page numbers populate on export to Word/PDF.
- BLUF
- Executive Summary
- Key Judgments
- Priority Intelligence Requirements (PIRs)
- Assessment Scope, Household Profile & Collection Plan
- Household Composition & Relationship Mapping
- Per-Member Digital Exposure - Spouse / Partner
- Per-Member Digital Exposure - Children & Minors
- Per-Member Digital Exposure - Other Resident Relatives
- Per-Member Digital Exposure - Domestic & Household Staff
- Cross-Contamination & Leverage Pathways
- Household-Wide Exposure Severity Register
- Verified Findings Summary
- Red Flag / Notable Indicators
- Analysis of Competing Hypotheses (ACH)
- Key Assumptions Check (KAC)
- Collection Gaps & RFIs
- Household Remediation Plan & Recommendations
- Annex A - Sources & Methodology
- Appendices
1. BLUF
2–3 sentences, most critical household exposure first: the headline exposure rating, the single most consequential cross-contamination pathway it enables against the principal, and the most urgent household-wide remediation. No new analysis below it.
[ ]
2. Executive Summary
The triggering requirement (why this household-level assessment, threat context); scope in/out; a short narrative of the household’s overall exposure posture, the member(s) presenting the highest cross-contamination risk, and the dominant exposure categories - at altitude, deferring detail to the body sections.
[ ]
3. Key Judgments
The 3–6 load-bearing judgments about the household’s collective exposure and its bearing on the principal’s safety. Likelihood (that the household exposure is exploitable to harm the principal) and Analytic Confidence (in the evidence base) are SEPARATE columns - never combined (ICD 203). Each judgment carries a change indicator.
| # | Key Judgment | Likelihood (exploitable → harm to principal) | Analytic Confidence | Change Indicator (what would shift this) |
|---|---|---|---|---|
| KJ-1 | [ ] | [e.g., likely / probable (55–80%)] | [e.g., MODERATE] | [ ] |
| KJ-2 | [ ] | [ ] | [ ] | [ ] |
| KJ-3 | [ ] | [ ] | [ ] | [ ] |
| KJ-4 | [ ] | [ ] | [ ] | [ ] |
4. Priority Intelligence Requirements (PIRs)
The questions this assessment must answer about the household’s exposure as it bears on the principal’s safety, decomposed PIR → Indicator → SIR → source. Each PIR carries an answer/evidence/confidence row plus the summary matrix. Tie each PIR to a harm pathway the client cares about (social engineering via family member, physical approach via household routine, leverage/coercion via child or staff exposure).
- PIR-1: [e.g., Which household members have discoverable home-address or routine/location data that could enable physical approach to the principal?]
- Indicators / SIRs: [ ]
- Answer / Evidence: [ ]
- Analytic Confidence: [ ]
- PIR-2: [e.g., What social-media or online presence of spouse/partner or children exposes the principal’s identity, relationships, or schedule?]
- Indicators / SIRs: [ ]
- Answer / Evidence: [ ]
- Analytic Confidence: [ ]
- PIR-3: [e.g., Which household members have credential/breach exposure that could serve as a social-engineering bridge to the principal?]
- Indicators / SIRs: [ ]
- Answer / Evidence: [ ]
- Analytic Confidence: [ ]
- PIR-4: [e.g., What is the exposure posture of domestic/household staff, and does it present a leverage or access vector?]
- Indicators / SIRs: [ ]
- Answer / Evidence: [ ]
- Analytic Confidence: [ ]
| PIR | Status (answered / partial / open) | Key Evidence | Confidence | Residual Gap → RFI |
|---|---|---|---|---|
| PIR-1 | [ ] | [ ] | [ ] | [ ] |
| PIR-2 | [ ] | [ ] | [ ] | [ ] |
| PIR-3 | [ ] | [ ] | [ ] | [ ] |
| PIR-4 | [ ] | [ ] | [ ] | [ ] |
5. Assessment Scope, Household Profile & Collection Plan
Define the principal’s risk profile that drives household exposure weighting (public visibility, role, prior targeting, wealth signals); enumerate the household members in scope with their relationship to the principal and consent status; state what is in/out of scope; record the collection plan as a requirement → member → source-class → lawful-technique matrix with the standing publicly-available-only caveat. No live tool/broker brand names (those live in the dated reference dataset).
| Requirement | Household Member(s) | Exposure Layer | Source Class (open) | Lawful Technique | Coverage / Limitation |
|---|---|---|---|---|---|
| [ ] | [ ] | [e.g., surface web] | [e.g., general search] | [e.g., name/selector query] | [ ] |
| [ ] | [ ] | [e.g., social] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [e.g., data broker] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [e.g., breach exposure] | [ ] | [ ] | [ ] |
6. Household Composition & Relationship Mapping
The household roster: each member’s role, relationship to the principal, consent status, and the selectors enumerated for that member (legal names, known variants, usernames/handles, email addresses, phone numbers - as lawfully known). State identity-resolution confidence per member and the namesake/misattribution caveat. This section is the pivot table for all per-member exposure sections below.
| Member ID | Role / Relationship | Age Band (adult / minor / staff) | Consent Status | Selectors Enumerated | Resolution Confidence (Confirmed / Probable / Possible / Unresolved) | Notes / Disambiguation |
|---|---|---|---|---|---|---|
| HH-1 | [e.g., spouse/partner] | [ ] | [ ] | [ ] | [ ] | [ ] |
| HH-2 | [e.g., child] | [ ] | [ ] | [ ] | [ ] | [ ] |
| HH-3 | [e.g., child] | [ ] | [ ] | [ ] | [ ] | [ ] |
| HH-4 | [e.g., resident relative] | [ ] | [ ] | [ ] | [ ] | [ ] |
| HH-5 | [e.g., domestic staff] | [ ] | [ ] | [ ] | [ ] | [ ] |
7. Per-Member Digital Exposure - Spouse / Partner
The spouse/partner’s discoverable digital footprint: surface-web presence, social-media accounts and privacy posture, personal-data-broker listings, credential/breach exposure, and any physical-nexus or routine/location leakage. Assess each item for cross-contamination value - what an adversary learns about the principal through this member. One graded entry per material item.
| Exposure Item | Member ID | Where Discoverable (source class) | Selector Linked | Cross-Contamination Value (to principal) | Sensitivity | Removable? | Source Grade (A–F / 1–6) |
|---|---|---|---|---|---|---|---|
| [ ] | HH-1 | [ ] | [ ] | [ ] | [ ] | [e.g., yes / no / partial] | [ ] |
8. Per-Member Digital Exposure - Children & Minors
Each minor household member’s discoverable digital footprint. Apply heightened sensitivity: assess only what is lawfully and passively observable (no underage-account access, no social-engineering of minors). Focus on: school/activity listings exposing location and routine, parent-identified social-media posts (by the parent or about the child), images with geolocation/metadata leakage, and data-broker listings that include the minor. Assess the cross-contamination and leverage/coercion value to an adversary targeting the principal. One graded entry per material item per child.
| Exposure Item | Member ID | Age Band | Where Discoverable (source class) | Cross-Contamination / Leverage Value | Sensitivity | Removable? | Source Grade (A–F / 1–6) |
|---|---|---|---|---|---|---|---|
| [ ] | [HH-2, HH-3] | [ ] | [ ] | [ ] | [ ] | [e.g., yes / no / partial] | [ ] |
9. Per-Member Digital Exposure - Other Resident Relatives
Other adult relatives residing in the household (parents, siblings, extended family): discoverable footprint, social-media posture, data-broker exposure, and any linkage to the principal’s address or identity. Assess cross-contamination value. One graded entry per material item.
| Exposure Item | Member ID | Where Discoverable (source class) | Selector Linked | Cross-Contamination Value (to principal) | Sensitivity | Removable? | Source Grade (A–F / 1–6) |
|---|---|---|---|---|---|---|---|
| [ ] | [HH-4] | [ ] | [ ] | [ ] | [ ] | [e.g., yes / no / partial] | [ ] |
10. Per-Member Digital Exposure - Domestic & Household Staff
Domestic staff, nannies, caregivers, house managers, drivers, and other household employees: discoverable footprint, social-media posture, data-broker exposure, credential/breach exposure, and any public linkage to the principal’s household (employer references, professional profiles, address association). Assess the access vector and leverage/coercion value - staff members may have physical access to the residence, knowledge of routine, or access to the principal’s digital/physical assets. One graded entry per material item per staff member.
| Exposure Item | Member ID | Role | Where Discoverable (source class) | Access / Leverage Value | Sensitivity | Removable? | Source Grade (A–F / 1–6) |
|---|---|---|---|---|---|---|---|
| [ ] | [HH-5] | [ ] | [ ] | [ ] | [ ] | [e.g., yes / no / partial] | [ ] |
11. Cross-Contamination & Leverage Pathways
Chain individual household-member exposures into realistic pathways by which an adversary uses a family/household member to reach the principal. For each pathway: the enabling member exposures (cross-ref §7–10), the adversary’s assumed capability, the harm to the principal, and the disrupting remediation. Pathway types include: social-engineering bridge (adversary poses as known contact via compromised member account), physical approach via family routine (school drop-off, extracurricular, staff movements), leverage/coercion (threat to exposed member data or reputation), and access vector (staff member with residence access who is compromised or susceptible).
| Pathway | Type | Enabling Member Exposures (cross-ref §) | Adversary Capability Assumed | Harm to Principal | Disrupting Remediation |
|---|---|---|---|---|---|
| [e.g., social-engineering bridge] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [e.g., physical approach via routine] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [e.g., leverage / coercion] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [e.g., staff access vector] | [ ] | [ ] | [ ] | [ ] | [ ] |
12. Household-Wide Exposure Severity Register
Score each material household exposure on Likelihood (exploitability - that an adversary can and would use it against the principal) × Impact (harm to the principal if used), inherent → after-remediation residual. Score cells are EMPTY placeholders - this is a blank form. Use the verbatim risk-scoring key in Annex A.
| ID | Exposure Item (cross-ref §) | Member(s) Involved | Likelihood (1–5) | Impact (1–5) | Inherent Score (1–25) | Band | Remediation | Residual Score (1–25) | Residual Band |
|---|---|---|---|---|---|---|---|---|---|
| E-1 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| E-2 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| E-3 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| E-4 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
Consolidated household exposure heat map and the headline household exposure rating derive from this register.
13. Verified Findings Summary
Roll up each material household exposure with a verification status (verified by direct observation / unverified / contradicted), source grade, confidence, and materiality to the principal’s safety. Distinguish what was confirmed from what is inferred.
| Finding | Member(s) | Status (verified / unverified / contradicted) | Source Grade | Confidence | Materiality to Principal Safety |
|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
14. Red Flag / Notable Indicators
Household exposure indicators that warrant priority attention (e.g., minor’s real-time location leakage, staff member with breach exposure and residence access, spouse/partner with public routine posting and weak privacy settings, multiple household members sharing a compromised email domain). Provide the flag table, the indicator-type definitions, and a severity rollup.
| Flag | Type | Basis (cross-ref §) | Member(s) | Severity |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] |
Indicator-type definitions: [e.g., define each flag type used above].
15. Analysis of Competing Hypotheses (ACH)
Apply ACH to the central household exposure judgment (e.g., “the household’s collective exposure creates a viable pathway for an adversary to physically approach or socially engineer the principal through a family/household member”). List competing hypotheses and weigh the evidence for/against each; identify the most diagnostic evidence and what is consistent with multiple hypotheses.
| Evidence / Indicator | H1: [ ] | H2: [ ] | H3: [ ] |
|---|---|---|---|
| [ ] | [e.g., consistent / inconsistent / N/A] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] |
Most diagnostic evidence: [ ]. Hypothesis assessment: [ ].
16. Key Assumptions Check (KAC)
Surface the assumptions underpinning the household exposure assessment (completeness of household-member enumeration, accuracy of member attribution, adversary’s willingness to target family/staff, persistence of removed content, continued consent/cooperation of household members). For each: basis, confidence, and impact if wrong.
| Assumption | Basis | Confidence | Impact if Wrong |
|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] |
17. Collection Gaps & RFIs
Where the household exposure picture is incomplete (members who declined consent, unresolved selectors, platforms not lawfully accessible, suspected-but-unconfirmed exposure of a member, staff members not fully enumerated). State the gap, its impact on the assessment, the recommended (lawful) collection, and priority.
| Gap | Member(s) Affected | Impact on Assessment | Recommended Collection | Priority |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] |
18. Household Remediation Plan & Recommendations
Prioritized household-wide remediation across the standard lanes - suppression / removal (broker opt-out, de-index, content takedown - per member), hardening (privacy settings, credential hygiene, MFA, compartmentation - per member and household-wide), behavioral (oversharing discipline, geotag discipline, routine-opsec - per member and family-wide), and staff governance (staff digital-hygiene policy, background-check cadence, access controls). Each item: action, owner (principal / member / staff), lawful basis where a legal lever is used, priority, and sequencing (de-index before content where applicable). Execution at scale and ongoing cadence are deferred to a household privacy/OPSEC program/retainer; this report scopes and prioritizes.
| Priority | Recommendation | Lane (suppress / harden / behavioral / staff-governance) | Member(s) / Owner | Dependency / Sequencing |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] |
Recommendations are advisory and must respect platform terms and applicable law; legal-takedown and escalation levers route through counsel. Remediation affecting minors must be implemented by the parent/guardian and respect the minor’s privacy and developmental stage.
Annex A - Sources & Methodology
State the collection methods used (all lawful, open-source, least-intrusive); the source register graded with the Admiralty two-axis code; and the explicit likelihood-vs-confidence separation statement. Reproduce the reference scales below verbatim.
Collection methodology: [Describe the open-source collection approach, footprint-minimization measures, the publicly-available-only boundary, the per-member consent gate, the heightened sensitivity applied to minors’ data, and verification standard.]
Source register (graded):
| # | Source / Item | Member(s) Referenced | Type | Accessed (date) | Reliability (A–F) | Credibility (1–6) | Notes |
|---|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.
Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum carries a two-character grade, e.g., B2.)
Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%).
Analytic confidence (evidence base, separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single / uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.
Risk scoring: Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.
Identity-resolution confidence: Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated - disambiguation is explicit, never assumed.
Appendices
Attach: B - Household Roster & Selector Index; C - Full Source Register; D - Exposure-Item Evidence Archive & capture/chain-of-custody pointer (screenshots / archives captured lawfully); E - Per-Member Broker-Removal Register; F - Glossary; G - Revision History.
- Appendix B - Household Roster & Selector Index: [ ]
- Appendix C - Full Source Register: [ ]
- Appendix D - Evidence Archive & Chain-of-Custody Pointer: [ ]
- Appendix E - Per-Member Broker-Removal Register: [ ]
- Appendix F - Glossary: [ ]
- Appendix G - Revision History: [ ]
Verification disclaimer: this assessment reflects the household’s open-source exposure as observable within the stated assessment window using lawful, publicly available information only and only for consenting household members; digital exposure is dynamic and may change after the as-of date. No accounts or systems not owned and authorized by the assessed member were accessed. Minors’ data was handled with heightened sensitivity and only lawfully observable information was collected. Findings are advisory and are not a consumer report under the FCRA.
Document Control (footer): [REF-YYYY-###] · Version [ ] · Classification [ ] · Prepared [ ] · Reviewed [ ] · Approved [ ]
END OF REPORT
Model wiring
Generated from cell frontmatter at publish time.