What are Threat Acts and Threat Tolerance?

Updated: Mar 11

Sources of risk vary depending on whether you are analyzing a strategic, operational, or tactical situation.


Developing a threat assessment is a specialized task. Organizations that do not have access to commercial or government threat assessments should consider outsourcing the work to commercial sources or consultants so that the resulting assessments are comprehensive and timely.


Threat analysis methodology is not addressed in this article; however, a poorly developed Threat Assessment reduces the overall credibility of the security risk assessment. The key issue is that a Threat Assessment (TA) is essential for decision-makers and security risk analysts to make informed decisions with a solid understanding of the threat environment.


Threat Acts


Threat Acts (Events) are unlimited in range, variety, and significance but can include the following.


Physical


  • Armed attack

  • Armed robbery

  • Arson

  • Assault

  • Improvised explosive device (IED) attack

  • Kidnap and ransom

  • Malicious damage

  • Non-violent protest

  • Theft

  • Trespass

  • Vehicular attack

  • Violent protest

  • Workplace violence


Virtual

  • Commercial espionage

  • Compromise of electronic device

  • Creation and distribution of a virus

  • Cyberstalking

  • Disclosure of sensitive information

  • Distributed denial of service (DDoS) attack

  • Electronic audio surveillance

  • Electronic communications surveillance

  • Electronic interception

  • Fraud

  • Identity theft

  • Industrial espionage

  • Malware

  • Man-in-the-middle attack

  • Network penetration

  • Phishing

  • Ransomware

  • Social media campaign

  • Theft of intellectual property

They are listed here as physical or virtual attacks, but it is important to recognize that many of them can fit into either category.



Threat Tolerance

Organizations and individuals have varying tolerances for risk, and their ability to withstand threats also varies. This concept can be summarised as follows:



Threat Tolerance Table


©2019 by Julian Talbot