Defining Threat Likelihood is the third step in building an X-Analytics profile.
The Threat Likelihood section gives you the ability to modify your threat condition. This section is divided into 10 questions. Each question relates to a specific X-Analytics threat category. Within each question, you can select industry default or select which threat varieties are associated with your profile.
Threat (noun)
1. : as related to information technology (IT) and operational technology (OT) systems, threat is a person or thing likely to cause damage or danger.
2. : cyber threat includes malice and error.
3. : in X-Analytics, cyber threat includes malware, hacking, social, misuse, error, environmental, and physical patterns.
Threat Category Definitions
With X-Analytics, there are 10 threat categories:
Web Application Attacks: In this category, web application is the vector of attack to disrupt operations or compromise data.
Point-of-Sale (POS) Intrusion: In this category, a PoS asset is the vector of attack, with the intention of stealing payment records. includes critical and non-critical network equipment, such as routers, firewalls, and switches.
Misuse: In this category, misuse is the action. This includes data mishandling, and unapproved actions.
Error: In this category, error is the action. This includes misconfiguration, omission, and malfunction, but does not include loss of asset.
Theft & Loss: In this physical is the action. This includes an employee losing or a thief stealing a physical asset.
Crimeware: In this category, malware is the action that does not fit into a more specific pattern. This includes ransomware.
Skimmers: In this category, a thief physically implements an unauthorized skimming device onto a system to extract data.
Cyber Espionage: In this category, a nation-state or competitor sponsors an attacker to perform acts of espionage.
Denial-of-Service Attacks: In this category, a hacker uses a denial-of-service technique to disrupt operations.
Everything Else: In this category, malware, hacking, and social are the action that does not fit into a more specific pattern.
Threat Category Informs Loss Probability
Each X-Analytics threat category informs the probability of one or more X-Analytics loss categories.
Web Application Attacks: Informs probability of business interruption, data breach, and misappropriation .
Point-of-Sale (POS) Intrusion: Informs probability of data breach.
Misuse: Informs probability of business interruption, data breach, and misappropriation.
Error: Informs probability of business interruption and data breach.
Theft & Loss: Informs probability of business interruption, data breach, and misappropriation.
Crimeware: Informs probability of business interruption, data breach, misappropriation, and ransomware.
Skimmers: Informs probability of data breach.
Cyber Espionage: Informs probability of business interruption, data breach, and misappropriation.
Denial-of-Service Attacks: Informs probability of business interruption.
Everything Else: Informs probability of business interruption, data breach, misappropriation, and ransomware.
To build your threat landscape, please follow the steps below.
Step 1: Answer the Threat Likelihood Questions
If you are aware of your threat condition, then this section should only take a few minutes to answer. For each question, you can:
Clear answers and start with a fresh input
Select which threat varieties apply to your profile. (The ? symbol next to each variety provides a summarized list of those varieties.)
Select "Not Sure". (The "Not Sure" answer defaults to the industry threat baseline.)
After you are done answering the first threat likelihood question, move to the next questions until you have answered all 10 questions.
Step 2: Complete the Next Section of the Profile Builder.
For further Profile Build guidance, please return here.
Comments