1. Threat
Threat
A threat is any circumstance or event with the potential to adversely impact organizational operations and assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service. Threat events are caused by threat sources.
Threat Source
A threat source is characterized as:
- The intent and method targeted at the exploitation of a vulnerability; or
- A situation and method that may accidentally exploit a vulnerability.
Various taxonomies of threat sources have been developed. CSFaaS uses taxonomies primarily based on Veris and ENISA. You may also incorporate your own taxonomy if needed
Threat scenario
Risk models vary in the level of detail and complexity used to identify threat events. When threat events are identified with greater specificity, threat scenarios can be modeled, developed, and analyzed.
A threat scenario consists of discrete threat events attributed to one or more threat sources, ordered chronologically, that result in adverse effects.
(Source: NIST SP 800-30)