Step 2: Define the Risk Profile
Risk identification will now be performed through the Risk Profiling Module.
In this section, you will define key elements of the risk, grouped as described below.
1. Contextual Information
Security Domain
The area of cybersecurity the risk pertains to.
Business Attribute
The business function or attribute affected by the risk.
2. Threat Details
Threat Origin
The source of the threat (e.g., internal, external, environmental).
Threat Actor
The individual or entity responsible for the threat.
Threat Actor Motivation
The reason or intent behind the threat (e.g., financial gain, disruption).
Threat Vector
The pathway or means through which the threat is executed.
Threat Action
The specific actions taken by the threat actor (e.g., malware deployment).
STRIDE Threat Action
Actions classified according to the STRIDE framework (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege).
3. Impact Assessment
Victim Quantification
The number of potential victims or entities impacted by the threat.
4. Additional Information
Other Information
Use the text box to provide any supplementary details about the risk.
These settings enable a finely tuned and detailed understanding of your risk profile. By defining the security domain, business attributes, associated threat details, victim quantification, and additional information, you can develop a comprehensive and actionable risk profile.