This paper presents TAME, a methodology for assessing threats, and gives a high level overview of its phases and processes. After the evaluation of an initial methodology that was developed in 2001, certain changes had to be made. These changes are presented in this paper. Following that, an example scenario of what an enterprise can gain by using the TAME methodology instead of an existing risk assessment methodology is given. The reader is not expected to be convinced for the efficiency of the methodology from this simplistic scenario. Its purpose is to "sting" the appetite of the reader towards the effectiveness of the methodology and the extent to which enterprises can get an understanding of the information security threats that they have to face.
- Threat Agent
- Threat Impact
- Vulnerability Analysis and Threat Assessment