The Family Threat Model
One day onsite. One complete picture of your household's posture — across people, institutions, and lifestyle. A living model your family keeps, updates, and owns.
- Principal-led, one day onsite — walked the way an adversary would
- 156 controls scored against NIST CSF 2.0, Govern through Recover
- Private USB deliverable — runs entirely on your devices
- TargetProof keeps no copy — what remains with you is the model
The Sanctuary Model
After your onsite assessment, you receive a private USB deliverable that runs entirely on your devices. It is not a cloud dashboard or a vendor-held report — a living model your family office keeps, updates, and owns.
Score 156 controls across Govern → Recover. Tally gaps by people, institutions, and lifestyle. Generate a maturity summary, risk-ordered findings, and a 30 / 90 / 180-day roadmap — then link every gap to Sanctuary remediation when you are ready to act.
- Encrypted vault — assessment data stays on your infrastructure
- Threat Spectrum mapped to your intake and household context
- Guided assistant — structured answers from your model, no language model
- TargetProof keeps no copy of your assessment
Illustrative view — your household's model runs locally on the USB deliverable.
The Sanctuary Loop
Four questions. One integrated picture — from household context through scored controls to a plan you can actually execute.
Structured intake: properties, participants, advisors, travel, incidents, and goals. Business context before controls — scoped to your household, not a generic checklist.
156 controls scored across Govern → Recover (NIST CSF 2.0), plus a Threat Spectrum of documented targeting patterns and regulator-aligned fraud warnings.
Gaps tallied and prioritized. Auto-generated summary and 30 / 90 / 180-day roadmap. Every gap links to a Sanctuary remediation service when you are ready to act.
Built-in review: effectiveness, explicit residual-risk acceptance, and what to improve next cycle. The framework sharpens over time — without the deliverable growing heavier.
What it is
A principal-led, one-day onsite engagement. Together you walk your residence and family office context the way an adversary would — physical, digital, and human. Every control is scored. Gaps are tallied. Recommendations tie directly to remediation you can execute on your timeline.
You receive the Sanctuary Model on a private USB deliverable. It runs entirely on your devices. TargetProof keeps no copy of your assessment. What remains is clarity: where you are exposed, what matters most, and exactly how to close it.
Ideal for: Family offices, multi-property estates, and principals who need an integrated picture — not another vendor checklist or enterprise software diagram.
- 156-control Sanctuary Framework (NIST CSF 2.0: Govern → Recover)
- Structured intake across People · Institutions · Lifestyle
- Threat Spectrum — documented targeting patterns and FTC-aligned fraud warnings
- Onsite probes across primary residence and agreed scope
- Private USB deliverable — vault password, then straight into your model
- Live maturity dashboard, gap tally, and risk-ordered recommendations
- 30 / 90 / 180 day remediation roadmap
- Annual Review loop with explicit residual-risk acceptance
Every household receives the same private USB deliverable: 156 controls, threat spectrum, maturity dashboard, gap-linked remediation, and a rule-based assistant that reads your scored model — no language model, no external AI, no data connectors. Built for family offices that want maximum discretion.
The Sanctuary Model, published.
The Standard Edition is available on GitHub for practitioners, family offices, and researchers who want the framework without vendor lock-in. Same on-device architecture — encrypted local vault, 156 controls, threat spectrum, maturity dashboard, and guided assistant.
Released under the MIT License: free for personal and commercial use, with no royalties or compensation required. Modify it, embed it in your practice, or hand it to a client household — keep the license notice with any redistribution.
- Software is provided as-is — no warranty, no guarantee of security outcomes
- Not legal, tax, insurance, or professional cybersecurity advice
- You are responsible for how assessment data is stored and used on your devices
- A principal-led onsite Family Threat Model engagement remains the white-glove path — USB packaging, probes, and Sanctuary remediation are separate from the open repository
Full-spectrum threat context
The threats wealthy households actually face — mapped to controls, not buried in a PDF appendix.
Govern, Identify, Protect, Detect, Respond, Recover — translated for estates and family offices, not enterprise software alone.
Impersonation, business email compromise, wire diversion, SIM swap, deepfake voice calls, data-broker exposure, and real-estate closing fraud.
Home-invasion coercion for crypto assets, family-office wire fraud, integrator backdoor access, OSINT-enabled targeting, staff social engineering, and travel-route surveillance.
Patterns highlight automatically from your intake. You mark what is relevant. Your summary and assistant read from the same context.
Not just cyber. Not just physical.
Integrated protection.
Every control is tagged across these dimensions — because adversaries do not respect silos.
Access, behavior, training, and trust boundaries across everyone who touches your world.
Trusts, banks, counsel, insurers — governance and coordination across your professional ecosystem.
Travel, residences, philanthropy, public profile — the patterns that make you predictable to an adversary.
Every gap has a path forward.
Twelve Sanctuary services — assessed, prioritized, and executed with the same white-glove standard as the diagnostic itself.
Selected as needed · sequenced from your roadmap · optional annual advisory retainer
Illuminate exposure. Then shrink it.
Every connected device hardened with precision.
Living plans for the scenarios you hope never happen.
Training that changes behavior.
Named paths to close gaps — sequenced after assessment
A protection layer alongside the plan
Referring attorneys, wealth managers, and family offices can offer clients two formats: Standard (no AI components) for maximum discretion, or AI for households that want conversational follow-up — still entirely on-device. The assessment complements wealth, succession, and governance work with integrated security most families have never had in one place.
Partner with TargetProof to bring Sanctuary-grade assessment to your clients.
For Advisors →Peace of mind,
measured and maintained.
A private diagnostic. A living model you own. A clear sequence when you are ready. Discretion is not a feature — it is the foundation.
Arrange a Private Briefing