Risk Graphs and tools Flashcards
What are the three kinds of Threat Trees?
1) Asset Tree-asset, means of access, internal or external threat actor, intentional or unintentional motive, capability, event, consequence
2) Threat type tree-Type of threat, act, resultant effect, consequence
3) Adversary tree-adversary type, motivation, capability, methods, event, consequences.
Picture the Risk Toleration Funnel, How is it used?
It is used to filter risks.
Picture a risk frontier Graph. How is it used?
It is used to determine if it is more effective to reduce the potential loss/seriousness of consequence or decrease the likelihood of the risk occurring to achieve the desired “Acceptable Risk” frontier.
Picture the Level of Risk Analysis Flowchart.
xxx
What is the main drawback to automated tools?
They are not good at assessing intangible factors.
What is an event Tree?
A tree that traces an initiating event through a sequence with different possible outcomes. Uses inductive logic to infer results.
What is a Fault Tree?
Often used with Event trees to determine the base causes of an event.
