The probable frequency, within a given timeframe, that a threat agent will act against an asset.
You probably see the similarity between this definition and the definition for LEF. The only difference is that the definition for Threat Event Frequency doesn’t include whether threat agent actions are successful. In other words, threat agents may act against assets, but be unsuccessful in affecting the asset. A common example would be the hacker who unsuccessfully attacks a web server. Such an attack would be considered a threat event, but not a loss event.
This definition also provides us with the two factors that drive threat event frequency; Contact and Action. Note that action is predicated upon contact. The figure below adds these two factors to our taxonomy.
Next: Contact
July 31st, 2009 at 1:54 am
[...] the first component of Loss Frequency which is threat event frequency (TEF.) From the introduction, threat event frequency [...]