A great resource for learning how risk assessments are performed is The National Institute of Standards and Technology’s Guide for Conducting Risk Assessments. 1 outlines these six steps for effective cybersecurity risk assessment:

1. The first step to an effective risk assessment is to identify and characterize threat sources. Some examples of the different categories included are “Adversarial Threats” (e.g. hostile nation-states and organized crime groups) and “Environmental Threats” (e.g. Several organizations offer comprehensive threat catalogues such as CMS, BSI, ENISA.

The second step is identifying potential threat events, the relevance of the events, and correlating them to the appropriate threat sources. A few examples are phishing attacks, session hijacking, and forced physical entry, which is good, old-fashioned breaking and entering.

Identify Vulnerabilities

After identifying threat events, organizations must identify vulnerabilities and predisposing conditions affecting the likelihood that threat events will result in loss. NIST 800-30 helps by providing a taxonomy of predisposing conditions and some sample scales for establishing vulnerability in Appendix F.