The Security-specific Eight Stage Risk Assessment Methodology

Existing security risk assessment methodologies have three major flaws: they rely on the assessor to formulate the chain of events that describe each of its threat scenarios, their models cause a combinatorial explosion of calculations due to analysis of the effectiveness of each countermeasure against each threat/vulnerability pair, and they do not spotlight the specific area of improvement needed when threat scenarios are deemed too high risk. This paper presents an eight stage model that is specifically for security threat scenarios, which will directly address these three flaws. The eight stage model is designed to be incorporated into existing risk assessment methodologies at the point where the assessor is to identify threats and analyze the effectiveness of existing countermeasures. By making a distinction between the time a threat occurs, the time a security breach occurs, and the time the harm of that breach occurs, it becomes clear where the countermeasures are in place to break this chain of events. By providing this generic chain of events, the assessor can reduce the number of scenarios analyzed down to one per threat/asset pair, and at the same time identify the specific type of countermeasures that are lacking.