- 1). Identify the scope of threat to the area you wish to assess, whether it is to an organization, society, system or institution. The scope provides you with a way of identifying what is covered in the assessment, what needs to be protected, the vulnerability of what is being protected and to what level and detail.
- 2). Conduct interviews with key personnel and go through documents to collect data regarding all policies, measures and procedures presently in place to guard against threat or risks. Enumerate them.
- 3). Identify threats your organization is presently exposed to. Review and analyze the existing policies and procedures to estimate or gauge the level in which the organization is compliant, or capable of being controlled, protected or managed against these threats.
- 4). Conduct a vulnerability assessment to determine the exposure or venerability of the organization to the threats identified.
- 5). Conduct a threat analysis to identify every element of risk that could possibly happen. Narrow down the range of the areas the threats may target. Use information previously collected that relates to an imminent attack, or attack likely to happen.
- 6). Combine data you have collected from different sources to come up with one that is superior to any data provided by individual sources. This process is called information fusion. There are various mathematical frameworks or threat assessment engines you can use in this process including neural networks, fuzzy logic and Bayesian belief networks.
- 7). Calculate probability of the threat using Bayesian Belief Networks (BBN) method. BBN uses a network of nodes that represent variables. Each of the nodes is connected by arcs. Each of the arcs represents a relationship between the variables such as their causes and effects. The joint probability distribution of inputs and outputs refers to the probability function of each node.
- 8). Divide the threats into smaller and easily quantifiable elements which, when combined, characterize or represent the entire threats. This method is called threat taxonomy. The data you process are used to come up with the current threat rating.
- 9). Display the threat rating in graphic format to easily identify its gravity or seriousness. Set the base weight by adjusting the current threat rating up or down depending on the degree of the threat associated with the current piece data.
Subscribe to our newsletter
Sign up here to get the latest news, updates and special offers delivered directly to your inbox.
You can unsubscribe at any time
Prev Post