Help Center
    Follow

    Phase C - Threat Profiling

    Phase C of the assessment centres around profiling the threats within the scope of the assessment, building out the threat landscape of the environment.

    Stage C1/2 - Threats & Attributes

    Stage C1/2 is used to define the threats that apply in the scope of this assessment, and then to assess the threat attributes they possess.

    To begin, select all the desired Threats to assess from the Common Threat List (CTL) using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. With the populated form, each Threat will be listed with “0” Threat Attributes. Click on each of these to assess each Threat by its attributes to generate a threat profile via the Likelihood of Initiation (LoI) and Threat Strength (TS) scores.

    Threat_Profile_annotated.png

    Item   Title    Description  
    1 Threat This is a reference field to the list of threats defined in the Common Threat List (CTL).
    2 Threat Information This is a field which pulls through the origin and threat group of the threat chosen from the Common Threat List (CTL).
    3 Threat Attributes This is a link to the Threat Attributes form, which is created when a threat is chosen.
    4 LoI and TS This refers to the Likelihood of Initiation (LoI) and Threat Strength (TS), which is brought through if calculated in the Threat Attributes form.

     

    Threat Attributes

    The threat attributes form allows for the profiling of each threat by its attributes.

    To begin, select all the threat attributes from the Threat Profile Reference Table (TPRT) using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. This will bring through all the threat attributes relating to the group this threat belongs to.

    For each attribute for the threat, assess the impact using the impact ratings scale determined in Getting Started. Likelihood of Initiation (LoI) and Threat Strength (TS) scores will be generated automatically based on this selection based on the settings in the Threat Profile Reference Table (TPRT).

    Threat_Attributes_annoted.png

     

    Item   Title    Description  
    1 Threat Attribute This is a reference to the threat attributes defined in the Threat Profile Reference Table (TPRT). From this you can select the threat attribute you are considering for the threat chosen in the Stage C1/2 – Threats & Attributes.
    2 Score This is a reference to the Impact Ratings, where you can select what the score is for the threat attribute.
    3 TPRT Description This is a description of the threat attribute’s affect, given the score chosen – these details are pulled from the Threat Profile Reference Table (TPRT).
    4 Rationale This is a free text field where you can add the rationale for choosing the threat attribute and its score.
    5 LoI & TS These are fields which are calculated based on whether LoI and TS have been chosen to be included or excluded in the Threat Profile Reference Table (TPRT), and the score chosen for the threat attribute.

     

    Stage C3 - Prioritised Threat Landscape

    The prioritised threat landscape provides a form to prioritise the threats that may affect your business.

    To begin, select all the threats from Stage C1/2 using the Import from Form functionality to populate this form. Use the check box in the top left most corner of the selection window to import all items. This will bring through all the threats from the previous stage.

    For each threat, review the calculated Likelihood of Initiation (LoI) and Threat Strength (TS) and override where appropriate to prioritise the threats based on your organisation’s experiences.

    Prioritised_Threat_Landscape_annotated.png

    Item   Title    Description  
    1 Threat This is a reference field to the threats chosen in Stage C1/2 – Threats & Attributes.
    2 Threat Details The threat group and origin are details about the threat chosen, that are pulled through from Stage C1/2 – Threats & Attributes, after being defined in the Common Threat List (CTL).
    3 LoI and TS The calculated fields under LoI and TS is the fields calculated within the Threat Attributes within Stage C1/2 – Threats & Attributes. You can then use the override field, which is a reference field to the Impact Ratings, to choose a different rating for the LoI and TS of the threat.
    4 Comments This is a free text field where you can add extra comments about the threat and it’s LoI and TS ratings, for example the reason for the override.

     

    Stage C4/5 - Scope and Map Threat Events & Information Assets

    This stage provides an area to scope the threats that were prioritised in Stage C3 and mapping the threat events and components associated with each threat.

    To begin, select the threats from Stage C3 that warrant further assessment using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. It is recommended that this stage is used to filter out low threats to avoid spending time on assessing low risks.

    With the populated form, each Threat will be listed with “0” Mapped Threat Events. Click on each of these to assess each Threat by its events to generate a scope of events that each threat actor may undertake.

    STMA_annotated.png

    Item   Title    Description  
    1 Threat This is a reference field to the threats described in Stage C3 – Prioritised Threat Landscape.
    2 Threat Details These are the threat details as shown in Stage C3 – Prioritised Threat Landscape.
    3 Mapped Threat Events This is a link to a Mapped Threat Events form, which is created when a threat is chosen.

     

    Mapped Threat Events

    This is a form where you select all the possible threat events associated with the given threat.

    To begin, select the Threat Events from the Threat Event Catalogue (TEC) that this Threat Actor may undertake using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. It is recommended that this stage is used to filter out low threats to avoid spending time on assessing low risks. This will bring through all the selected threat events. Note that only Threat Events where the Initiation Strength is equal to or less than the Threat Strength assessed for a Threat will be made available here.

    With the populated form, each Threat Event will be listed with “0” Mapped Components. Click on each of these to map each Threat Event to the components that are vulnerable to that sort of activity.

    Threat_Events_annotated.png

    Item   Title    Description  
    1 Threat Event This is a reference to the threat events defined in the Threat Event Catalogue (TEC).
    2 Threat Event ID This is the Threat Event ID for the threat chosen, as written in the Threat Event Catalogue (TEC).
    3 Threat Details These are the details of the threat the threat events are being mapped to, as defined in the Stage C4/5 - Scope and Map Threat Events & Information Assets.
    4 Mapped Components This is a link to a Mapped Components form, which is created when a threat event is chosen.

     

    Mapped Components

    This is a form where you select all components associated with the threat event.

    To begin, select the Components from the central Components Library that may be vulnerable to the given Threat Event using the Import from Form functionality to populate this form. If desired, use the check box in the top left most corner of the selection window to import all items. This will bring through all the selected components, mapped to the current threat event.

    Complete this for all Threat Events for the given Threat.

    Components_Stage_C_annotated.png

    Item   Title    Description  
    1 Components This is a reference field where you can select a component from the Components form.
    2 Information Assets When you select the component within the Components form, this has a selected Information Asset associated with it. This field then pulls this information through.

     

    C Summary: Asset Threat Event Map

    This phase summarises the results of stages C1-5 into the Asset Threat Event Map. This doesn’t require any user activity other than to pull through the results from the earlier stages.

    To complete this stage, pull through all items into the summary form using the Import from Form to populate it with all the inherent risks generated via the earlier stages. Be sure to import all using the check box in the top left most corner of the selection window. With the populated register, evaluate the results to ensure that they are acceptable before proceeding with the remainder of the assessment.

    C_summary_annotated.png

    Item   Title    Description  
    1 Threat Details These are details of the threat event and threat details which have been mapped to by the component, which will fill in with details once the component field has been selected.
    2 Component This is a reference field to the components selected in the Mapped Components list.
    3 Confidentiality, Integrity and Availability These are details which are pulled through for the information asset field chosen – these fields are filled in within the BIA Assessment.
    Was this article helpful?
    0 out of 0 found this helpful

    Comments

    Get Additional Help