DIGITAL FOOTPRINT & EXPOSURE ASSESSMENT

[PRINCIPAL / PROTECTEE NAME - ASSESSMENT TITLE]

Defensive, consent-based assessment of an individual principal’s open-source digital footprint and the attack surface it presents to an adversary. Center of gravity: enumerate what is discoverable about the principal through lawful open sources, assess how those exposures chain into harm (doxxing, social engineering, account takeover, physical targeting, surveillance), and prioritize remediation. This is the baseline individual exposure picture. It does NOT: extend enumeration across the full family/household (Family & Household Digital Exposure Assessment); model targeted doxxing/harassment attack pathways in depth (Doxxing Vulnerability & Attack-Surface Assessment); technically assess the home network and connected/IoT devices (Home Network & IoT Security Assessment); deep-dive the breach/dark-web corpus and trade forums (Dark-Web Exposure Assessment); or investigate the adversary/threat actor (Subject Threat Assessment / Protective Intelligence Assessment). It assesses the principal’s OWN exposure - it is not an investigation of a third party.


Document Control

FieldEntry
Report Reference[REF-YYYY-###]
Date of Report[ ]
Classification / Handling[e.g., CONFIDENTIAL // CLIENT EYES ONLY]
Client / Sponsor[ ]
Requesting Party[ ]
Principal(s) Assessed[ ]
Consent / Authority Basis[e.g., signed assessment authorization on file - ref]
Assessment Window (as-of)[e.g., collection start–end dates; footprint is time-bound]
Prepared By[ ]
Reviewed By[ ]
Approving Officer[ ]
Version[ ]
Distribution[ ]

State classification/TLP marking; confirm this is a consent-based self-exposure assessment of the named principal, conducted on lawful, publicly available information only (least-intrusive means; no authentication to or access of any account, system, or paywalled/restricted data the principal does not own and authorize; no breach-data exfiltration). Note data-protection handling (GDPR/CCPA as applicable) for the principal and for any third-party/household personal data incidentally surfaced. State that this is not a consumer report and not to be used for FCRA-permissible-purpose decisions. Note the assessment is collected under footprint-minimization (the assessment must not itself enlarge the principal’s exposure or tip an adversary). Where suppression/legal-takedown action is contemplated, route to counsel.

Principal Exposure Snapshot

One-glance card: principal identifiers in scope, number of confirmed exposure items by severity band, headline exposure rating, and the single most urgent remediation - all [ ] placeholders, no findings.

FieldEntry
Principal (role / profile)[e.g., role, public-profile level, threat context]
Selectors in Scope[e.g., count of names/handles/emails/phones enumerated]
Confirmed Exposure Items[ ] (Critical [ ] / High [ ] / Elevated [ ] / Moderate [ ] / Low [ ])
Headline Exposure Rating[e.g., band per §14 register]
Most Urgent Remediation[ ]
Overall Analytic Confidence[e.g., HIGH / MODERATE / LOW]

Table of Contents

Numbered to the sections below; page numbers populate on export to Word/PDF.

  1. BLUF
  2. Executive Summary
  3. Key Judgments
  4. Priority Intelligence Requirements (PIRs)
  5. Assessment Scope, Profile & Collection Plan
  6. Identity & Selector Inventory
  7. Surface-Web Footprint
  8. Social Media & Networking Exposure
  9. Personal-Data-Broker & People-Search Exposure
  10. Credential & Breach Exposure
  11. Technical & Infrastructure Footprint
  12. Physical-Nexus Exposure
  13. Exposure-to-Harm Pathways
  14. Exposure Severity Register
  15. Verified Findings Summary
  16. Red Flag / Notable Indicators
  17. Analysis of Competing Hypotheses (ACH)
  18. Key Assumptions Check (KAC)
  19. Collection Gaps & RFIs
  20. Remediation Plan & Recommendations
  21. Annex A - Sources & Methodology
  22. Appendices

1. BLUF

2–3 sentences, most critical exposure first: the headline exposure rating, the single most consequential harm pathway it enables, and the most urgent recommended remediation. No new analysis below it.

[ ]

2. Executive Summary

The triggering requirement (why this assessment, threat context); scope in/out; a short narrative of the principal’s overall exposure posture and the dominant exposure categories - at altitude, deferring detail to the body sections.

[ ]

3. Key Judgments

The 3–6 load-bearing judgments about the principal’s exposure. Likelihood (that the exposure is exploitable / leads to harm) and Analytic Confidence (in the evidence base) are SEPARATE columns - never combined (ICD 203). Each judgment carries a change indicator.

#Key JudgmentLikelihood (exploitable → harm)Analytic ConfidenceChange Indicator (what would shift this)
KJ-1[ ][e.g., likely / probable (55–80%)][e.g., MODERATE][ ]
KJ-2[ ][ ][ ][ ]
KJ-3[ ][ ][ ][ ]
KJ-4[ ][ ][ ][ ]

4. Priority Intelligence Requirements (PIRs)

The questions this assessment must answer about the principal’s exposure, decomposed PIR → Indicator → SIR → source. Each PIR carries an answer/evidence/confidence row plus the summary matrix. Tie each PIR to a harm the client cares about (physical targeting, reputational, financial, account compromise).

  • PIR-1: [e.g., What of the principal’s home/physical-location data is openly discoverable, and through which sources?]
    • Indicators / SIRs: [ ]
    • Answer / Evidence: [ ]
    • Analytic Confidence: [ ]
  • PIR-2: [ ]
  • PIR-3: [ ]
PIRStatus (answered / partial / open)Key EvidenceConfidenceResidual Gap → RFI
PIR-1[ ][ ][ ][ ]
PIR-2[ ][ ][ ][ ]
PIR-3[ ][ ][ ][ ]

5. Assessment Scope, Profile & Collection Plan

Define the principal’s risk profile that drives exposure weighting (public visibility, role, prior targeting, family/wealth signals); state what is in/out of scope; record the collection plan as a requirement → source-class → lawful-technique matrix with the standing publicly-available-only caveat. No live tool/broker brand names (those live in the dated reference dataset).

RequirementExposure LayerSource Class (open)Lawful TechniqueCoverage / Limitation
[ ][e.g., surface web][e.g., general search][e.g., name/selector query][ ]
[ ][e.g., social][ ][ ][ ]
[ ][e.g., data broker][ ][ ][ ]

6. Identity & Selector Inventory

The pivot set: the principal’s enumerated selectors (legal/known names and variants, usernames/handles, email addresses, phone numbers, personal domains, device/account identifiers as lawfully known). State identity-resolution confidence per selector and the namesake/misattribution caveat - every downstream finding is only as good as the selector→principal link.

SelectorTypeResolution Confidence (Confirmed / Probable / Possible / Unresolved)Notes / Disambiguation
[ ][e.g., email][ ][ ]
[ ][e.g., handle][ ][ ]
[ ][e.g., phone][ ][ ]

7. Surface-Web Footprint

What a general search of the principal’s selectors surfaces: indexed pages, bios, directory/roster listings, news/PR, professional profiles, cached/archived content, image results. Assess discoverability, accuracy, and removability. One graded entry per material item.

Footprint ItemWhere Discoverable (source class)Selector LinkedSensitivityRemovable?Source Grade (A–F / 1–6)
[ ][ ][ ][ ][e.g., yes / no / partial][ ]

8. Social Media & Networking Exposure

Per platform presence attributable to the principal: account discoverability, privacy-setting posture, oversharing of routine/location/travel, image-metadata/geolocation leakage, and connection-graph exposure (who is reachable through the principal). Assess what an adversary learns and how. Defer family-member account enumeration to the Family & Household product.

Platform / PresenceAttribution ConfidencePrivacy PostureExposed Elements (location / routine / relationships / media)Exploitability
[ ][ ][e.g., open / partial / locked][ ][ ]

9. Personal-Data-Broker & People-Search Exposure

Aggregator / people-search / data-broker listings exposing home address, phone, relatives, age/DOB, property and other PII. Record each listing as a removal-register row (broker class, exposed fields, opt-out/suppression path, status). Brand/URL specifics live in the dated reference dataset, not here.

Broker / Aggregator ClassExposed FieldsCross-Links (relatives / addresses)Suppression PathRemoval Status
[ ][ ][ ][e.g., opt-out / legal request][e.g., open / submitted / removed]

10. Credential & Breach Exposure

Exposure of the principal’s email/credential/identity data in known public breach corpora, assessed via lawful exposure-checking only (no acquisition, decryption, or use of breached secrets; no account access). Record exposure existence, data classes implicated, and reuse/account-takeover risk. Deep dark-web/forum trade analysis is deferred to the Dark-Web Exposure Assessment.

Exposed SelectorBreach / Exposure ClassData Classes ImplicatedReuse / ATO RiskSource GradeConfidence
[ ][ ][e.g., email+password, security Q][ ][ ][ ]

11. Technical & Infrastructure Footprint

Open, externally visible technical surface tied to the principal: personal domains and registration/WHOIS exposure, self-hosted services, public IP/hostname leakage, and external-facing service banners discoverable through passive, lawful means. Note where deeper assessment is required and route the home-network/IoT interior to the Home Network & IoT Security Assessment.

Asset / IndicatorDiscovery Method (passive / open)Exposed DetailRiskRoute-To (if deeper)
[ ][ ][ ][ ][e.g., Home Network & IoT product]

12. Physical-Nexus Exposure

The subset of digital exposure that enables physical targeting of the principal: discoverable home / secondary-residence address, property records, vehicle/registration hints, routine and pattern-of-life signals, and real-time or near-real-time location leakage (check-ins, geotags, live streams). This section is the bridge between digital exposure and protective-security risk.

Physical-Nexus ItemSource ClassWhat It Enables (targeting value)SeverityMitigation Lane
[ ][ ][ ][ ][e.g., suppression / address-shielding]

13. Exposure-to-Harm Pathways

Chain individual exposures into realistic harm pathways - how an adversary composes surface + social + broker + breach + physical-nexus items into a concrete attack (doxxing, social-engineering / pretext, account takeover, physical approach, surveillance). State the enabling exposures and the disrupting remediation per pathway. Detailed doxxing-specific pathway modeling is deferred to the Doxxing Vulnerability & Attack-Surface Assessment.

Harm PathwayEnabling Exposures (cross-ref §)Adversary Capability AssumedDisrupting Remediation
[e.g., physical targeting][ ][ ][ ]
[e.g., social engineering][ ][ ][ ]
[e.g., account takeover][ ][ ][ ]

14. Exposure Severity Register

Score each material exposure on Likelihood (exploitability - that an adversary can and would use it) × Impact (harm to the principal if used), inherent → after-remediation residual. Score cells are EMPTY placeholders - this is a blank form. Use the verbatim risk-scoring key in Annex A.

IDExposure Item (cross-ref §)Likelihood (1–5)Impact (1–5)Inherent Score (1–25)BandRemediationResidual Score (1–25)Residual Band
E-1[ ][ ][ ][ ][ ][ ][ ][ ]
E-2[ ][ ][ ][ ][ ][ ][ ][ ]
E-3[ ][ ][ ][ ][ ][ ][ ][ ]

Consolidated exposure heat map and the headline exposure rating derive from this register.

15. Verified Findings Summary

Roll up each material exposure with a verification status (verified by direct observation / unverified / contradicted), source grade, confidence, and materiality to the principal’s safety. Distinguish what was confirmed from what is inferred.

FindingStatus (verified / unverified / contradicted)Source GradeConfidenceMateriality
[ ][ ][ ][ ][ ]

16. Red Flag / Notable Indicators

Exposure indicators that warrant priority attention (e.g., real-time location leakage, exposed home address paired with a known threat, credential reuse on critical accounts). Provide the flag table, the indicator-type definitions, and a severity rollup.

FlagTypeBasis (cross-ref §)Severity
[ ][ ][ ][ ]

Indicator-type definitions: [e.g., define each flag type used above].

17. Analysis of Competing Hypotheses (ACH)

Apply ACH to the central exposure judgment (e.g., “the principal’s current exposure is sufficient to enable [named harm pathway] by [assumed adversary]”). List competing hypotheses and weigh the evidence for/against each; identify the most diagnostic evidence and what is consistent with multiple hypotheses.

Evidence / IndicatorH1: [ ]H2: [ ]H3: [ ]
[ ][e.g., consistent / inconsistent / N/A][ ][ ]
[ ][ ][ ][ ]

Most diagnostic evidence: [ ]. Hypothesis assessment: [ ].

18. Key Assumptions Check (KAC)

Surface the assumptions underpinning the exposure assessment (adversary capability / intent, completeness of selector enumeration, accuracy of attribution, persistence of removed content). For each: basis, confidence, and impact if wrong.

AssumptionBasisConfidenceImpact if Wrong
[ ][ ][ ][ ]

19. Collection Gaps & RFIs

Where the exposure picture is incomplete (unresolved selectors, platforms not lawfully accessible, suspected-but-unconfirmed exposure). State the gap, its impact on the assessment, the recommended (lawful) collection, and priority.

GapImpact on AssessmentRecommended CollectionPriority
[ ][ ][ ][ ]

20. Remediation Plan & Recommendations

Prioritized remediation across the standard lanes - suppression / removal (broker opt-out, de-index, content takedown), hardening (privacy settings, credential hygiene, MFA, compartmentation), and behavioral (oversharing, geotag discipline). Each item: action, owner, lawful basis where a legal lever is used, priority, and sequencing (de-index before content where applicable). Execution at scale and ongoing cadence are deferred to a privacy/OPSEC program/retainer; this report scopes and prioritizes.

PriorityRecommendationLane (suppress / harden / behavioral)OwnerDependency / Sequencing
[ ][ ][ ][ ][ ]

Recommendations are advisory and must respect platform terms and applicable law; legal-takedown and escalation levers route through counsel.


Annex A - Sources & Methodology

State the collection methods used (all lawful, open-source, least-intrusive); the source register graded with the Admiralty two-axis code; and the explicit likelihood-vs-confidence separation statement. Reproduce the reference scales below verbatim.

Collection methodology: [Describe the open-source collection approach, footprint-minimization measures, the publicly-available-only boundary, and verification standard.]

Source register (graded):

#Source / ItemTypeAccessed (date)Reliability (A–F)Credibility (1–6)Notes
[ ][ ][ ][ ][ ][ ][ ]

Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.

Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum carries a two-character grade, e.g., B2.)

Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely / highly improbable (05–20%) · unlikely / improbable (20–45%) · roughly even chance (45–55%) · likely / probable (55–80%) · very likely / highly probable (80–95%) · almost certain / nearly certain (95–99%).

Analytic confidence (evidence base, separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single / uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.

Risk scoring: Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Identity-resolution confidence: Confirmed / Probable / Possible / Unresolved, with the matched identifiers stated - disambiguation is explicit, never assumed.

Appendices

Attach: B - Selector & Identifier Index; C - Full Source Register; D - Exposure-Item Evidence Archive & capture/chain-of-custody pointer (screenshots / archives captured lawfully); E - Broker-Removal Register; F - Glossary; G - Revision History.

  • Appendix B - Selector & Identifier Index: [ ]
  • Appendix C - Full Source Register: [ ]
  • Appendix D - Evidence Archive & Chain-of-Custody Pointer: [ ]
  • Appendix E - Broker-Removal Register: [ ]
  • Appendix F - Glossary: [ ]
  • Appendix G - Revision History: [ ]

Verification disclaimer: this assessment reflects the principal’s open-source exposure as observable within the stated assessment window using lawful, publicly available information only; digital exposure is dynamic and may change after the as-of date. No accounts or systems not owned and authorized by the principal were accessed. Findings are advisory and are not a consumer report under the FCRA.

Document Control (footer): [REF-YYYY-###] · Version [ ] · Classification [ ] · Prepared [ ] · Reviewed [ ] · Approved [ ]

END OF REPORT

Model wiring

Generated from cell frontmatter at publish time.