| Interface | Description |
|---|---|
| ILikelihood |
| Class | Description |
|---|---|
| BusinessImpactFactor |
The business impact stems from the technical impact, but requires a deep understanding of what is important to
the company running the application.
|
| TechnicalImpactFactor |
Technical impact can be broken down into factors aligned with the traditional security areas of concern:
confidentiality, integrity, availability, and accountability.
|
| ThreatAgentFactor |
This set of factors are related to the threat agent involved.
|
| VulnerabilityFactor |
This set of factors are related to the vulnerability involved.
|
| Enum | Description |
|---|---|
| BusinessImpactFactor.FinancialDamage |
How much financial damage will result from an exploit?
|
| BusinessImpactFactor.NonCompliance |
How much exposure does non-compliance introduce?
|
| BusinessImpactFactor.PrivacyViolation |
How much personally identifiable information could be disclosed?
|
| BusinessImpactFactor.ReputationDamage |
Would an exploit result in reputation damage that would harm the business?
|
| TechnicalImpactFactor.LossOfAccountability |
Are the threat agents' actions traceable to an individual?
|
| TechnicalImpactFactor.LossOfAvailability |
How much service could be lost and how vital is it?
|
| TechnicalImpactFactor.LossOfConfidentiality |
How much data could be disclosed and how sensitive is it?
|
| TechnicalImpactFactor.LossOfIntegrity |
How much data could be corrupted and how damaged is it?
|
| ThreatAgentFactor.Motive |
How motivated is this group of threat agents to find and exploit this vulnerability?
|
| ThreatAgentFactor.Opportunity |
What resources and opportunities are required for this group of threat agents to find and exploit this vulnerability?
|
| ThreatAgentFactor.Size |
How large is this group of threat agents?
|
| ThreatAgentFactor.SkillLevel |
How technically skilled is this group of threat agents?
|
| VulnerabilityFactor.Awareness |
How well known is this vulnerability to this group of threat agents?
|
| VulnerabilityFactor.EaseOfDiscovery |
How easy is it for this group of threat agents to discover this vulnerability?
|
| VulnerabilityFactor.EaseOfExploit |
How easy is it for this group of threat agents to actually exploit this vulnerability?
|
| VulnerabilityFactor.IntrusionDetection |
How likely is an exploit to be detected?
|
Copyright © 2019–2022. All rights reserved.