
Generic Risk Model with Key Risk Factors (NIST SP 800-30 R1)
Key Risk Factors
Risk
Risk is a function of the likelihood of a threat event’s occurrence and potential adverse impact should the event occur.
Likelihood
In assessing likelihoods, organizations examine vulnerabilities that threat events could exploit and also the mission/business function susceptibility to events for which no security controls or viable implementations of security controls exist (e.g., due to functional dependencies, particularly external dependencies).
Impact
The level of impact from a threat event is the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Risk Model
Risk models differ in the degree of detail and complexity with which threat events are identified. When threat events are identified with great specificity, threat scenarios can be modeled, developed, and analyzed.
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat events are caused by threat sources.
Threat Source
The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with threat agent.
Threat Actor
An individual or a group posing a threat.
Threat Event
An event or situation that has the potential for causing undesirable consequences or impact.
Vulnerability
A bug, flaw, weakness, or exposure of an application, system, device, or service that could lead to a failure of confidentiality, integrity, or availability.
NIST Special Publication 800-39 provides guidance on vulnerabilities at all three tiers in the risk management hierarchy and the potential adverse impact that can occur if threats exploit such vulnerabilities.
Threat Scenario
In general, risks materialize as a result of a series of threat events, each of which takes advantage of one or more vulnerabilities. Organizations define threat scenarios to describe how the events caused by a threat source can contribute to or cause harm. Development of threat scenarios is analytically useful, since some vulnerabilities may not be exposed to exploitation unless and until other vulnerabilities have been exploited.
A threat scenario tells a story, and hence is useful for risk communication as well as for analysis.
Predisposing Condition
A predisposing condition is a condition that exists within an organization, a mission or business process, enterprise architecture, information system, or environment of operation, which affects (i.e., increases or decreases) the likelihood that threat events, once initiated, result in adverse impacts to organizational operations and assets, individuals, other organizations, or the Nation.
The concept of predisposing condition is also related to the terms susceptibility and exposure. Organizations are not susceptible to risk (or exposed to risk) if a threat cannot exploit a vulnerability to cause adverse impact. For example, organizations that do not employ database management systems are not vulnerable to the threat of SQL injection and therefore are not susceptible to such risk.
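The risk model, threat scenario and predisposing condition ideas above, worked through as an added example that is not part of the NIST text: a scenario is a chain of threat events, each exploiting one vulnerability; an environment lacking that vulnerability is not susceptible (the SQL injection case), predisposing conditions shift the likelihood of adverse impact, and likelihood and impact combine into a risk level. The five-level scales, the combination table and the sample scenario are this example's own assumptions.

```python
from dataclasses import dataclass, field
LEVELS = ["very low", "low", "moderate", "high", "very high"]
# Level of risk from likelihood (row) and impact (column index). An assumption of
# this example, modelled on SP 800-30 Appendix I; check cells against the text.
RISK_TABLE = {
    "very high": ["very low", "low", "moderate", "high", "very high"],
    "high":      ["very low", "low", "moderate", "high", "very high"],
    "moderate":  ["very low", "low", "moderate", "moderate", "high"],
    "low":       ["very low", "low", "low", "low", "moderate"],
    "very low":  ["very low", "very low", "very low", "low", "low"],
}
@dataclass
class ThreatEvent:
    name: str
    exploits: str     # the vulnerability this event takes advantage of
    initiation: str   # likelihood that the threat source initiates the event
    conditions: dict = field(default_factory=dict)  # predisposing condition -> level shift

def shift_level(level, steps):
    return LEVELS[max(0, min(len(LEVELS) - 1, LEVELS.index(level) + steps))]

def scenario_likelihood(events, env):
    """Likelihood of a whole threat scenario. None means not susceptible: an event
    in the chain has no vulnerability to exploit. Modelling assumption: on an
    ordinal scale the chain is only as likely as its least likely step."""
    overall = "very high"
    for ev in events:
        if ev.exploits not in env["vulnerabilities"]:
            return None
        level = ev.initiation
        for cond, steps in ev.conditions.items():  # apply predisposing conditions present
            if cond in env["conditions"]:
                level = shift_level(level, steps)
        if LEVELS.index(level) < LEVELS.index(overall):
            overall = level
    return overall

def risk_level(events, env, impact):
    likelihood = scenario_likelihood(events, env)
    return "not susceptible" if likelihood is None else RISK_TABLE[likelihood][LEVELS.index(impact)]
# Constructed sample: a two-event scenario against a customer portal backed by a DBMS.
SCENARIO = [
    ThreatEvent("inject SQL through a web form", "unsanitized query in portal", "high",
                {"no web application firewall": +1, "parameterized queries enforced": -2}),
    ThreatEvent("read the customer table", "over-privileged database account", "moderate"),
]
ENV_WITH_DBMS = {"vulnerabilities": {"unsanitized query in portal", "over-privileged database account"},
                 "conditions": {"no web application firewall"}}
ENV_NO_DBMS = {"vulnerabilities": set(), "conditions": set()}  # no DBMS: nothing to inject into
```

Calling `risk_level(SCENARIO, ENV_WITH_DBMS, "high")` yields "moderate", while the same scenario against `ENV_NO_DBMS` yields "not susceptible", and adding the condition "parameterized queries enforced" to the environment lowers the result to "low".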