How to identify a Threat in a network? H ...

How to identify a Threat in a network? How to perform Risk Exposure Matrix and understand

Dec 01, 2020

Threat Identification:

 ★In the Internet world, a threat could be a potential danger that may exploit a vulnerability to breach security and so cause harm to the organization. A threat will be “intentional” or “unconditional” Human-made actions or occurred through any internal events. A threat-source doesn’t show off a potential risk when there is no vulnerability that can be exercised from it. A vulnerability is a weakness that can be unintentionally triggered or intentionally exploited. We should conduct the Risk assessment to evaluate the relative likelihood of occurrence for each threat. We should carry out a more detailed risk assessment plan, and we evaluate each threat against the likelihood and actual impact of risks during each stage. Once you have identified the potential threats, the next step is to identify the corresponding weaknesses (vulnerabilities) in your organizational network, Internal/external systems, resources, and organizational policies the external/internal threats could exploit. I recommend following up on the latest ISO27005 standard listing of threats and vulnerabilities.

Threat-Source Identification:

★A threat-source is defined as any circumstance or event with the potential action to cause harm to an IT system. There are some common threat sources can be natural, human, or environmental. After performing a risk assessment, you may find a considerable number of ongoing threats and vulnerabilities that can affect your company. These may include intrusions, vandalism, theft, or other incidents and situations that may vary from business to business.

THREAT CLASS

DISCLOSURE

INTERRUPTION

MODIFICATION

DESTRUCTION

REMOVAL

How to perform Threat identification?

★The distinct class of threat concepts, consequence, likely hood, total impact, and exposure are used to carry out the threat identification. Specific threat events such as hacker attempts, virus attacks, malware intruder attempts, etc., fall into a particular threat class will be defined as per the matrix in the given below table.

Threat identification Risk Rating templates:

★In this section, we project potential effects and the likelihood of occurrence, with consideration of existing controls safeguards that could reduce the impact of the likelihood. Use a risk rating of Critical, High, Medium, Low, and insignificant to describe the magnitude of risk.

(I) Risk rating:

Image for post

(ii) Likelihood Rating:

Image for post

(iii) Impact Rating:

Image for post

(iv) Risk Exposure Matrix:

Image for post

a) Describing threats in terms of who, how, and when.

b) Establishing into which threat class a threat falls.

c) Determining the threat likelihood.

d) Determining the implications on the business operations should a threat achieve success.

e) Assessing the impact of the results as less serious, serious, or exceptionally grave injury.

f) Assigning an exposure rating to every threat, in terms of the relative severity to the organization.

g) Prioritizing the impacts /likelihood pairs, according to the determined ratings.

Risk Rating Factors:

★The factors we used to determine the premium. Ideally, we should use all risk factors as rating factors.

Image for post

Conclusion:

We discussed the Risk assessment of the relative likelihood of occurrence for each threat. The organization should carry out a more detailed risk assessment plan, and we test each threat against the likelihood and actual impact of risks during each stage.

 — — — — — — — — — THE END — — — — —— — — —— —

Quote of the day: "All men's souls are immortal, but the souls of the righteous are immortal and divine." — Socrates.

Thanks for reading👍!

Only Buy me a coffee if you enjoyed it 😊!!!

Appreciate it forever!!!

Have a pleasant day🌞!

— — — — — —— — — — —  — — — — —— — — — —— —

About Me:

Founder of gtmars.com & plan2trip.com. From time to time I share knowledge in the digital world about Cybersecurity, Technology, the Space industry, Traveling, Japanese Haiku poems.

My blogs😂: Connect with the one you like!

https://hackernoon.com/u/gtmars.com

https://gtmars.medium.com/

https://www.facebook.com/Gtmarscom-113569997170307

https://twitter.com/gtmars2

https://www.instagram.com/gtmars2020

https://www.linkedin.com/company/gtmars/

Enjoy this post?

Buy gtmars a coffee

2 comments

More from gtmars