Updated: Mar 11, 2020
Sources of risk vary depending on whether you are analyzing a strategic, operational, or tactical situation.
Developing a threat assessment is a specialized task and organizations that do not have access to commercial or government threat assessments should consider outsourcing their threat assessment to commercial sources or consultants to develop comprehensive and timely threat assessments.
Threat analysis methodology is not addressed in this article however a poorly-developed Threat Assessment reduces the overall credibility of the security risk assessment. The key issue is that a Threat Assessment (TA) is essential for decision-makers and security risk analysts to make informed decisions with a solid understanding of the threat environment.
Threat Acts (Events) are unlimited in range, variety, and significance but can include the following.
Improvised explosive device (IED) attack
Kidnap and ransom
Compromise of electronic device
Creation and distribution of a virus
Disclosure of sensitive information
Distributed denial of service (DDOS) attack
Electronic audio surveillance
Electronic communications surveillance
Social media campaign
Theft of intellectual property
They are listed here as physical or virtual attacks but it is important to recognize that many of them can fit into either.
Organizations or individuals will have varying tolerances for risk and their ability to withstand threats will vary. This concept can be summarised as follows: