Threat Identification. A threat is a potential cause of an incident. In the context of cyber risk, we are often concerned about malicious human actors who deliberately launches attacks in order to harm our assets, and this is what we focus on here. However, human threats can also be non-malicious. For example, a thoughtless employee may publish confidential information on a website without wanting to cause any harm. Moreover, non-human threats, such as a power failure, should also be taken into account. Threats should be placed on the left-hand side of the diagram, as they represent the initial cause of the chain leading to an asset being harmed.
Appears in 2 contracts
Sources: Grant Agreement, Grant Agreement