The probable frequency, within a given timeframe, that a threat agent will come into contact with an asset.
Contact can be physical or “logical” (e.g., over the network). Regardless of contact mode, three types of contact can take place: random, regular, and intentional.
- Random – the threat agent “stumbles upon” the asset during the course of unfocused or undirected activity
- Regular – contact occurs because of the regular actions of the threat agent. For example, if the cleaning crew regularly comes by at 5:15, leaving cash on top of the desk during that timeframe sets the stage for contact
- Intentional – the threat agent seeks out specific targets
Each of these types of contact is driven by various factors. Because this is only an introduction, we won’t get into the details at this time. A useful analogy, however, is to consider a container of fluid containing two types of suspended particles – threat particles and asset particles. The probability of contact between members of these two sets of particles is driven by various factors, including:
- Size (surface area) of the particles
- The number of particles
- Volume of the container
- How active the particles are
- Viscosity of the fluid
- Whether particles are attracted to one another in some fashion
- Etc…