Abstract
Modern risk assessment techniques recognize that there is a need to perform a threat assessment in order to identify the threats that a system is facing, and the agents that are able to manifest them. Most of them though do not incorporate the process of identifying and analyzing threat agents. Generally, the defenders of computing infrastructures, having spent their professional lives in the “good” side of the wall, would not recognize the identity of a threat agent even when they discover one. Gathering IDS data and analyzing them is a challenge on its own, but identifying threat agents, and analyzing their attributes is a different game altogether. Is an agent motivated enough to pursue his/her target? Does the agent have the technical capability and the knowledge required to exploit a vulnerability? Do enterprises present any of their vulnerabilities to the rest of the world, hence giving threat agents the opportunity to perform active attacks? These are some of the questions that are being addressed in this paper. Our intention is not to put labels in certain categories of people, rather to try and understand these and stimulate the discussions between all those that have good faith.
Original language | English |
---|---|
Pages (from-to) | 97-110 |
Journal | Mediterranean Journal of Computers and Networks |
Volume | 1 |
Issue number | 2 |
Publication status | Published - 30 Oct 2005 |
Keywords
- threat agent
- threat agent identification
- threat agent analysis
- threat assessment