The Definition of Threat

Wentz’s Risk Model

Based on ISO 31000 (risk is the “effect of uncertainty on objectives”), the NIST Generic Risk Model, and the risk metalanguage proposed by Dr. David Hillson, I define a threat as follows:

A threat is a risk with a negative effect, as a threat source may initiate a threat event to exploit vulnerabilities and, if it happens, cause an adverse impact on the security objectives.

