Threat Identification

The process of identifying threat sources that have the potential to exploit some weakness in the information system. The following list of common threat sources should be evaluated:

Natural threats

  • Storms
    • Floods
    • Tornadoes
    • Hurricanes
    • Electrical storms
  • Earthquakes
  • Slides
    • Landslide
    • Avalanche
  • Temperature extremes

danger

danger



Environmental threats

  • Power failures

Human threats

  • Unintentional
    • Data compromise
  • Intentional
    • Hacker/cracker
      • System intrusion
      • Defacement
      • Data compromise
    • Criminal
      • Bribery, extortion
      • System intrusion
      • Data compromise
    • Terrorist
      • Bribery, extortion
      • System intrusion
      • Data compromise
      • Information warfare
      • System disruption
      • Organizational disruption
    • Industrial espionage
      • System intrusion
      • Data compromise
      • Organizational disruption
    • Insiders
      • System intrusion
      • Data compromise
      • Organizational disruption

This threat analysis should be tailored to the individual organization and its environment and mission and the criticality and sensitivity of the data on the information system. In general, information, threat analysis, awareness and readiness are fairly high for natural threats and low for human sourced cyber threats.

Leave a Reply

You must be logged in to post a comment.