Sources of risk vary depending on whether you are analyzing a strategic, operational, or tactical situation.
Developing a threat assessment is a specialized task and organizations that do not have access to commercial or government threat assessments should consider outsourcing their threat assessment to commercial sources or consultants to develop comprehensive and timely threat assessments.
Threat analysis methodology is not addressed in this article however a poorly-developed Threat Assessment reduces the overall credibility of the security risk assessment. The key issue is that a Threat Assessment (TA) is essential for decision-makers and security risk analysts to make informed decisions with a solid understanding of the threat environment.
Threat Acts
Threat Acts (Events) are unlimited in range, variety, and significance but can include the following.
Physical
Armed attack
Armed robbery
Arson
Assault
Improvised explosive device (IED) attack
Kidnap and ransom
Malicious damage
Non-violent protest
Theft
Trespass
Vehicular attack
Violent protest
Workplace violence
Virtual
Commercial espionage
Compromise of electronic device
Creation and distribution of a virus
Cyberstalking
Disclosure of sensitive information
Distributed denial of service (DDOS) attack
Electronic audio surveillance
Electronic communications surveillance
Electronic interception
Fraud
Identity theft
Industrial espionage
Malware
Man-in-the-middle attack
Network penetration
Phishing
Ransomware
Social media campaign
Theft of intellectual property
They are listed here as physical or virtual attacks but it is important to recognize that many of them can fit into either.
Threat Tolerance
Organizations or individuals will have varying tolerances for risk and their ability to withstand threats will vary. This concept can be summarised as follows:
Comentários