58 ◾ Information Security Metrics
A ◾ simulation model that allows us to apply the taxonomy, measurement
method, and computational engine to build and analyze risk scenarios of
virtually any size or complexity.
ere are four primary components of our risk taxonomy that we want to identify
threat agent characteristics for—those characteristics that affect
e frequency with which threat agents come into contact with our organiza- ◾
tions or assets
e probability that threat agents will act against our organizations or assets ◾
e probability of threat agent actions being successful in overcoming protec- ◾
tive controls
e probable nature (type and severity) of impact to our assets (Figure 4.3) ◾
4.5 Risk Factor Analysis
Other approaches