Definitions[]
A threat analysis is
“ | [a] process in which information about a threat or potential threat is subjected to systematic and thorough examination in order to identify significant facts and derive conclusions.[1] | ” |
“ | [t]he examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.[2] | ” |
“ | [a]n analysis of the probability of occurrences and consequences of damaging events to an ADP facility.[3] | ” |
“ | [a]n analysis of the threat actions that might affect a system, primarily emphasizing their probability of occurrence but also considering their resulting threat consequences.[4] | ” |
“ | [a]n evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against enterprise assets.[5] | ” |
A threat analysis is "[t]he detailed evaluation of the characteristics of individual threats.[6]
Overview[]
"The threat analysis usually defines the level of threat and the likelihood of it materializing."[7]
References[]
- ↑ DOE Manual 470.4-7, at 60.
- ↑ NIST Special Publication 800-27A, at A-4.
- ↑ NIST, FIPS 31.
- ↑ Internet Security Glossary, at 306.
- ↑ ISACA, Cybersecurity Fundamentals Glossary 31 (full-text).
- ↑ NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- ↑ ISACA, Cybersecurity Fundamentals Glossary (full-text).