top of page
Search
jt
Mar 16, 20202 min read

How Do Intent and Capability Relate to Assessing Threat?

Intent & Capability


Threat can be evaluated as a combination of Intent & Capability.



Intent and Capability both comprise other elements as illustrated below.




Assessing Threat

Threats can be assessed in many ways. However, one approach is to develop an ordinal ranking of Threat Actors’ resources, knowledge, desires, and confidence (a.k.a.Expectance) to develop an overall threat profile.


Resources

What resources (or access to resources)does the attacker have at their disposal?

  1. Few if any resources and/or funding

  2. Limited funding and/or resources

  3. Moderate level of financing and/or resources

  4. Significant level of funding and/or resources.

  5. Fully funded and resourced.


Knowledge

How much knowledge or skills does the attacker have?

  1. No knowledge or training

  2. Limited knowledge and ability.

  3. Moderate level of training and skills.

  4. Very skilled and trained in the use of tactics and techniques

  5. Highly skilled and comprehensively trained.


Desire

What does the attacker desire?

  1. Little to no desire-absence of drive and purpose

  2. Some drive and commitment to achieve outcomes using generally peaceful means.

  3. Highly motivated but with some flexibility in terms of method and capacity for compromise.

  4. High degree of desire with limited room for compromise and potential to use extreme measures.

  5. Extremist motivations with few if any limitations on attack options and no room for compromise.


Confidence (Expectance)

An attacker’s confidence or expectation, can be ranked as follows:

  1. Threat actor does not believe they have the capacity & competence to achieve an attack.

  2. Threat actor believes they have limited capacity & competence to achieve an attack.

  3. Threat actor has reasonable expectation of a successful attack based on their capacity & competence.

  4. Threat actor competence and capabilities are such that they have high expectations of achieving a successful attack.

  5. Threat actor has very high expectation of achieving a successful attack.

An example of the summary of a threat assessment is presented in the following graphic. This is NOT a Threat Assessment, merely the summary of potentially many pages of material and hours or months of research and analysis.




5,176 views0 comments

Recent Posts

See All

©2019 by Julian Talbot

bottom of page