Loss Event Frequency correct answers Loss Event Frequency (LEF) is the probable frequency, within a given timeframe, that a threat agent will inflict harm upon an asset. In basic terms this can be thought of as how often a bad thing happens to something that we care about; for example, how often your money is stolen, or how many times per year hackers perform a denial of service attack against your online banking system.
Threat Event Frequency correct answers Threat Event Frequency (TEF) is the probable frequency, within a given timeframe, that a threat agent will act in a manner that could result in a loss. For example, the probable frequency, within a given timeframe, that a thief tries to steal the money, a tornado hits a building, hackers perform a denial of service attack on your computer system, etc.
Contact Frequency correct answers Contact Frequency (CF) is the probable frequency, within a given timeframe, that a threat agent will come into contact with an asset. Contact can be physical or "logical" (e.g., over the network).
Probability of Action correct answers Probability of Action (PoA) is the probability that a threat agent will act against an asset once contact occurs. Once contact occurs between a threat agent and an asset, action against the asset may or may not take place. For some threat agent types, especially natural threat agents, action always takes place. For example, if a tornado comes into contact with a house, action is a foregone conclusion.
Vulnerability correct answers The definition of Vulnerability in the FAIR risk taxonomy departs from the casual or informal use of the term. Vulnerability (Vuln) is the probability that a threat event will become a loss event. Vulnerability exists when there is a difference between the force being applied by the threat agent, and an object's ability to resist that force. This simple analysis provides us with the two primary factors that drive Vulnerability: Threat Capability (TCap) and Resistance Strength (RS).
Threat Capability correct answers Threat Capability (TCap) is the probable level of force that a threat agent is capable of applying against an asset. Not all threat agents are created equal. In fact, threat agents within a single threat community are not all going to have the same capabilities.
Resistance Strength correct answers Resistance Strength (RS) is the strength of a control as compared to a baseline measure of force. In simple terms, this can be considered the degree of difficulty faced by the threat agent. For example, a wireless network secured by WPA2 has a higher RS to a hacker community than one secured by WEP.
Loss Magnitude correct answers Loss Magnitude (LM) is the probable magnitude of loss resulting from a loss event. The other side of the taxonomy under Loss Event Frequency introduced the factors that drive the probability of loss events occurring. The Loss Magnitude side of the taxonomy describes the other half of the risk equation - the factors that drive loss magnitude when events occur.
Primary Loss correct answers Primary Loss is the direct result of a threat agent's action upon an asset and often represents the intention in acting against the asset. The owner of the affected assets is considered the primary stakeholder in an analysis.
Secondary Loss correct answers Secondary Loss is a result of secondary stakeholders (e.g., customers, stockholders, regulators, etc.) reacting negatively to the primary loss event. Think of it as "fallout" from the primary event. Secondary Loss has two primary components: Secondary Loss Event Frequency (SLEF) and Secondary Loss Magnitude (SLM).
Secondary Loss Event Frequency correct answers Secondary Loss Event Frequency (SLEF) is an estimate of the percentage of time a scenario is expected to have secondary effects.
Secondary Loss Magnitude correct answers Secondary Loss Magnitude is the losses that are expected to materialize from dealing with secondary stakeholder reactions (e.g., fines and judgments, loss of market share, etc.).
Action correct answers An act taken against an asset by a threat agent. Requires first that contact occurs between the asset and threat agent.