DIGITAL FOOTPRINT & EXPOSURE ASSESSMENT
[PRINCIPAL / PROTECTEE NAME - ASSESSMENT TITLE]
Defensive, consent-based assessment of an individual principal’s open-source digital footprint and the attack surface it presents to an adversary. Center of gravity: enumerate what is discoverable about the principal through lawful open sources, assess how those exposures chain into harm (doxxing, social engineering, account takeover, physical targeting, surveillance), and prioritize remediation. This is the baseline individual exposure picture. It does NOT: extend enumeration across the full family/household (Family & Household Digital Exposure Assessment); model targeted doxxing/harassment attack pathways in depth (Doxxing Vulnerability & Attack-Surface Assessment); technically assess the home network and connected/IoT devices (Home Network & IoT Security Assessment); deep-dive the breach/dark-web corpus and trade forums (Dark-Web Exposure Assessment); or investigate the adversary/threat actor (Subject Threat Assessment / Protective Intelligence Assessment). It assesses the principal’s OWN exposure - it is not an investigation of a third party.
Document Control
| Field | Entry |
|---|---|
| Report Reference | [REF-YYYY-###] |
| Date of Report | [ ] |
| Classification / Handling | [e.g., CONFIDENTIAL // CLIENT EYES ONLY] |
| Client / Sponsor | [ ] |
| Requesting Party | [ ] |
| Principal(s) Assessed | [ ] |
| Consent / Authority Basis | [e.g., signed assessment authorization on file - ref] |
| Assessment Window (as-of) | [e.g., collection start–end dates; footprint is time-bound] |
| Prepared By | [ ] |
| Reviewed By | [ ] |
| Approving Officer | [ ] |
| Version | [ ] |
| Distribution | [ ] |
Handling, Legal & Ethical Caveat
State classification/TLP marking; confirm this is a consent-based self-exposure assessment of the named principal, conducted on lawful, publicly available information only (least-intrusive means; no authentication to or access of any account, system, or paywalled/restricted data the principal does not own and authorize; no breach-data exfiltration). Note data-protection handling (GDPR/CCPA as applicable) for the principal and for any third-party/household personal data incidentally surfaced. State that this is not a consumer report and not to be used for FCRA-permissible-purpose decisions. Note the assessment is collected under footprint-minimization (the assessment must not itself enlarge the principal’s exposure or tip an adversary). Where suppression/legal-takedown action is contemplated, route to counsel.
Principal Exposure Snapshot
One-glance card: principal identifiers in scope, number of confirmed exposure items by severity band, headline exposure rating, and the single most urgent remediation - all [ ] placeholders, no findings.
| Field | Entry |
|---|---|
| Principal (role / profile) | [e.g., role, public-profile level, threat context] |
| Selectors in Scope | [e.g., count of names/handles/emails/phones enumerated] |
| Confirmed Exposure Items | [ ] (Critical [ ] / High [ ] / Elevated [ ] / Moderate [ ] / Low [ ]) |
| Headline Exposure Rating | [e.g., band per §14 register] |
| Most Urgent Remediation | [ ] |
| Overall Analytic Confidence | [e.g., HIGH / MODERATE / LOW] |
Table of Contents
Numbered to the sections below; page numbers populate on export to Word/PDF.
- BLUF
- Executive Summary
- Key Judgments
- Priority Intelligence Requirements (PIRs)
- Assessment Scope, Profile & Collection Plan
- Identity & Selector Inventory
- Surface-Web Footprint
- Social Media & Networking Exposure
- Personal-Data-Broker & People-Search Exposure
- Credential & Breach Exposure
- Technical & Infrastructure Footprint
- Physical-Nexus Exposure
- Exposure-to-Harm Pathways
- Exposure Severity Register
- Verified Findings Summary
- Red Flag / Notable Indicators
- Analysis of Competing Hypotheses (ACH)
- Key Assumptions Check (KAC)
- Collection Gaps & RFIs
- Remediation Plan & Recommendations
- Annex A - Sources & Methodology
- Appendices
1. BLUF
2–3 sentences, most critical exposure first: the headline exposure rating, the single most consequential harm pathway it enables, and the most urgent recommended remediation. No new analysis below it.
[ ]
2. Executive Summary
The triggering requirement (why this assessment, threat context); scope in/out; a short narrative of the principal’s overall exposure posture and the dominant exposure categories - at altitude, deferring detail to the body sections.
[ ]
3. Key Judgments
The 3–6 load-bearing judgments about the principal’s exposure. Likelihood (that the exposure is exploitable / leads to harm) and Analytic Confidence (in the evidence base) are SEPARATE columns - never combined (ICD 203). Each judgment carries a change indicator.
| # | Key Judgment | Likelihood (exploitable → harm) | Analytic Confidence | Change Indicator (what would shift this) |
|---|---|---|---|---|
| KJ-1 | [ ] | [e.g., likely / probable (55–80%)] | [e.g., MODERATE] | [ ] |
| KJ-2 | [ ] | [ ] | [ ] | [ ] |
| KJ-3 | [ ] | [ ] | [ ] | [ ] |
| KJ-4 | [ ] | [ ] | [ ] | [ ] |
4. Priority Intelligence Requirements (PIRs)
The questions this assessment must answer about the principal’s exposure, decomposed PIR → Indicator → SIR → source. Each PIR carries an answer/evidence/confidence row plus the summary matrix. Tie each PIR to a harm the client cares about (physical targeting, reputational, financial, account compromise).
- PIR-1: [e.g., What of the principal’s home/physical-location data is openly discoverable, and through which sources?]
- Indicators / SIRs: [ ]
- Answer / Evidence: [ ]
- Analytic Confidence: [ ]
- PIR-2: [ ]
- PIR-3: [ ]
| PIR | Status (answered / partial / open) | Key Evidence | Confidence | Residual Gap → RFI |
|---|---|---|---|---|
| PIR-1 | [ ] | [ ] | [ ] | [ ] |
| PIR-2 | [ ] | [ ] | [ ] | [ ] |
| PIR-3 | [ ] | [ ] | [ ] | [ ] |
5. Assessment Scope, Profile & Collection Plan
Define the principal’s risk profile that drives exposure weighting (public visibility, role, prior targeting, family/wealth signals); state what is in/out of scope; record the collection plan as a requirement → source-class → lawful-technique matrix with the standing publicly-available-only caveat. No live tool/broker brand names (those live in the dated reference dataset).
| Requirement | Exposure Layer | Source Class (open) | Lawful Technique | Coverage / Limitation |
|---|---|---|---|---|
| [ ] | [e.g., surface web] | [e.g., general search] | [e.g., name/selector query] | [ ] |
| [ ] | [e.g., social] | [ ] | [ ] | [ ] |
| [ ] | [e.g., data broker] | [ ] | [ ] | [ ] |
6. Identity & Selector Inventory
The pivot set: the principal’s enumerated selectors (legal/known names and variants, usernames/handles, email addresses, phone numbers, personal domains, device/account identifiers as lawfully known). State identity-resolution confidence per selector and the namesake/misattribution caveat - every downstream finding is only as good as the selector→principal link.
| Selector | Type | Resolution Confidence (Confirmed / Probable / Possible / Unresolved) | Notes / Disambiguation |
|---|---|---|---|
| [ ] | [e.g., email] | [ ] | [ ] |
| [ ] | [e.g., handle] | [ ] | [ ] |
| [ ] | [e.g., phone] | [ ] | [ ] |
7. Surface-Web Footprint
What a general search of the principal’s selectors surfaces: indexed pages, bios, directory/roster listings, news/PR, professional profiles, cached/archived content, image results. Assess discoverability, accuracy, and removability. One graded entry per material item.
| Footprint Item | Where Discoverable (source class) | Selector Linked | Sensitivity | Removable? | Source Grade (A–F / 1–6) |
|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [e.g., yes / no / partial] | [ ] |
8. Social Media & Networking Exposure
Per platform presence attributable to the principal: account discoverability, privacy-setting posture, oversharing of routine/location/travel, image-metadata/geolocation leakage, and connection-graph exposure (who is reachable through the principal). Assess what an adversary learns and how. Defer family-member account enumeration to the Family & Household product.
| Platform / Presence | Attribution Confidence | Privacy Posture | Exposed Elements (location / routine / relationships / media) | Exploitability |
|---|---|---|---|---|
| [ ] | [ ] | [e.g., open / partial / locked] | [ ] | [ ] |
9. Personal-Data-Broker & People-Search Exposure
Aggregator / people-search / data-broker listings exposing home address, phone, relatives, age/DOB, property and other PII. Record each listing as a removal-register row (broker class, exposed fields, opt-out/suppression path, status). Brand/URL specifics live in the dated reference dataset, not here.
| Broker / Aggregator Class | Exposed Fields | Cross-Links (relatives / addresses) | Suppression Path | Removal Status |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [e.g., opt-out / legal request] | [e.g., open / submitted / removed] |
10. Credential & Breach Exposure
Exposure of the principal’s email/credential/identity data in known public breach corpora, assessed via lawful exposure-checking only (no acquisition, decryption, or use of breached secrets; no account access). Record exposure existence, data classes implicated, and reuse/account-takeover risk. Deep dark-web/forum trade analysis is deferred to the Dark-Web Exposure Assessment.
| Exposed Selector | Breach / Exposure Class | Data Classes Implicated | Reuse / ATO Risk | Source Grade | Confidence |
|---|---|---|---|---|---|
| [ ] | [ ] | [e.g., email+password, security Q] | [ ] | [ ] | [ ] |
11. Technical & Infrastructure Footprint
Open, externally visible technical surface tied to the principal: personal domains and registration/WHOIS exposure, self-hosted services, public IP/hostname leakage, and external-facing service banners discoverable through passive, lawful means. Note where deeper assessment is required and route the home-network/IoT interior to the Home Network & IoT Security Assessment.
| Asset / Indicator | Discovery Method (passive / open) | Exposed Detail | Risk | Route-To (if deeper) |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [e.g., Home Network & IoT product] |
12. Physical-Nexus Exposure
The subset of digital exposure that enables physical targeting of the principal: discoverable home / secondary-residence address, property records, vehicle/registration hints, routine and pattern-of-life signals, and real-time or near-real-time location leakage (check-ins, geotags, live streams). This section is the bridge between digital exposure and protective-security risk.
| Physical-Nexus Item | Source Class | What It Enables (targeting value) | Severity | Mitigation Lane |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [e.g., suppression / address-shielding] |
13. Exposure-to-Harm Pathways
Chain individual exposures into realistic harm pathways - how an adversary composes surface + social + broker + breach + physical-nexus items into a concrete attack (doxxing, social-engineering / pretext, account takeover, physical approach, surveillance). State the enabling exposures and the disrupting remediation per pathway. Detailed doxxing-specific pathway modeling is deferred to the Doxxing Vulnerability & Attack-Surface Assessment.
| Harm Pathway | Enabling Exposures (cross-ref §) | Adversary Capability Assumed | Disrupting Remediation |
|---|---|---|---|
| [e.g., physical targeting] | [ ] | [ ] | [ ] |
| [e.g., social engineering] | [ ] | [ ] | [ ] |
| [e.g., account takeover] | [ ] | [ ] | [ ] |
14. Exposure Severity Register
Score each material exposure on Likelihood (exploitability - that an adversary can and would use it) × Impact (harm to the principal if used), inherent → after-remediation residual. Score cells are EMPTY placeholders - this is a blank form. Use the verbatim risk-scoring key in Annex A.
| ID | Exposure Item (cross-ref §) | Likelihood (1–5) | Impact (1–5) | Inherent Score (1–25) | Band | Remediation | Residual Score (1–25) | Residual Band |
|---|---|---|---|---|---|---|---|---|
| E-1 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| E-2 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| E-3 | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
Consolidated exposure heat map and the headline exposure rating derive from this register.
15. Verified Findings Summary
Roll up each material exposure with a verification status (verified by direct observation / unverified / contradicted), source grade, confidence, and materiality to the principal’s safety. Distinguish what was confirmed from what is inferred.
| Finding | Status (verified / unverified / contradicted) | Source Grade | Confidence | Materiality |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] |
16. Red Flag / Notable Indicators
Exposure indicators that warrant priority attention (e.g., real-time location leakage, exposed home address paired with a known threat, credential reuse on critical accounts). Provide the flag table, the indicator-type definitions, and a severity rollup.
| Flag | Type | Basis (cross-ref §) | Severity |
|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] |
Indicator-type definitions: [e.g., define each flag type used above].
17. Analysis of Competing Hypotheses (ACH)
Apply ACH to the central exposure judgment (e.g., “the principal’s current exposure is sufficient to enable [named harm pathway] by [assumed adversary]”). List competing hypotheses and weigh the evidence for/against each; identify the most diagnostic evidence and what is consistent with multiple hypotheses.
| Evidence / Indicator | H1: [ ] | H2: [ ] | H3: [ ] |
|---|---|---|---|
| [ ] | [e.g., consistent / inconsistent / N/A] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] |
Most diagnostic evidence: [ ]. Hypothesis assessment: [ ].
18. Key Assumptions Check (KAC)
Surface the assumptions underpinning the exposure assessment (adversary capability / intent, completeness of selector enumeration, accuracy of attribution, persistence of removed content). For each: basis, confidence, and impact if wrong.
| Assumption | Basis | Confidence | Impact if Wrong |
|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] |
19. Collection Gaps & RFIs
Where the exposure picture is incomplete (unresolved selectors, platforms not lawfully accessible, suspected-but-unconfirmed exposure). State the gap, its impact on the assessment, the recommended (lawful) collection, and priority.
| Gap | Impact on Assessment | Recommended Collection | Priority |
|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] |
20. Remediation Plan & Recommendations
Prioritized remediation across the standard lanes - suppression / removal (broker opt-out, de-index, content takedown), hardening (privacy settings, credential hygiene, MFA, compartmentation), and behavioral (oversharing, geotag discipline). Each item: action, owner, lawful basis where a legal lever is used, priority, and sequencing (de-index before content where applicable). Execution at scale and ongoing cadence are deferred to a privacy/OPSEC program/retainer; this report scopes and prioritizes.
| Priority | Recommendation | Lane (suppress / harden / behavioral) | Owner | Dependency / Sequencing |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] |
Recommendations are advisory and must respect platform terms and applicable law; legal-takedown and escalation levers route through counsel.
Annex A - Sources & Methodology
State the collection methods used (all lawful, open-source, least-intrusive); the source register graded with the Admiralty two-axis code; and the explicit likelihood-vs-confidence separation statement. Reproduce the reference scales below verbatim.
Collection methodology: [Describe the open-source collection approach, footprint-minimization measures, the publicly-available-only boundary, and verification standard.]
Source register (graded):
| # | Source / Item | Type | Accessed (date) | Reliability (A–F) | Credibility (1–6) | Notes |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.
Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum carries a two-character grade, e.g., B2.)
Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%).
Analytic confidence (evidence base, separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single / uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.
Risk scoring: Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.
Identity-resolution confidence: Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated - disambiguation is explicit, never assumed.
Appendices
Attach: B - Selector & Identifier Index; C - Full Source Register; D - Exposure-Item Evidence Archive & capture/chain-of-custody pointer (screenshots / archives captured lawfully); E - Broker-Removal Register; F - Glossary; G - Revision History.
- Appendix B - Selector & Identifier Index: [ ]
- Appendix C - Full Source Register: [ ]
- Appendix D - Evidence Archive & Chain-of-Custody Pointer: [ ]
- Appendix E - Broker-Removal Register: [ ]
- Appendix F - Glossary: [ ]
- Appendix G - Revision History: [ ]
Verification disclaimer: this assessment reflects the principal’s open-source exposure as observable within the stated assessment window using lawful, publicly available information only; digital exposure is dynamic and may change after the as-of date. No accounts or systems not owned and authorized by the principal were accessed. Findings are advisory and are not a consumer report under the FCRA.
Document Control (footer): [REF-YYYY-###] · Version [ ] · Classification [ ] · Prepared [ ] · Reviewed [ ] · Approved [ ]
END OF REPORT
Model wiring
Generated from cell frontmatter at publish time.