Gartner Blog Network

Threat Assessment – A Tough Subject (And Sharks with Fricking Lasers!)

by Anton Chuvakin  |  April 16, 2014  |  5 Comments

In addition to my threat intelligence work, I am also updating an older GTP/Burton paper on threat assessment (see “Threat Assessment in Dangerous Times” [GTP access required])

WTH is “threat assessment”, apart from a subject that hardly anybody seems to care about? Is it part of risk assessment? Is it one of the threat intelligence use cases? Is it something that only 1%-ers do?

We can decompose it into reviewing the details about the threats (such as via threat actor profiles and other threat intelligence, strategic and tactical) and then assessing the relevance of the threat to our organization.

It may go like this:

  1. Identify broad types of threats to include in the threat assessment (it may well start from the list of all possible threats)
  2. Gather information about threats – their history, background, backing, time frames for action, capabilities, and intents [capabilities + intents tuple being the core of it!]; this applies to classes of threats, specific threats and occasionally specific threat actors
  3. Analyze those threats in terms of their interaction with company assets, personnel, locations, technologies, and systems.

Let’s try this process to see how it may be done (the example below is inspired by Austin Powers and of course this video):

Threat Threat Actor Profile Relevance to Our Organization
Sharks with fricking lasers Adversary level: advanced

Intent: w
orld domination

Capabilities: biting, lasing, raising killer waves, causing terror

ObservedTTPs: laser beam in the eye, phishing, exfiltration via pool drain

AssociatedActors: sharks with freeze rays

Were seen in the corporate pool

Attacked a similar organization

Are known to be interested in our technology for underwater teleportation

BTW, does anybody has a full STIX threat actor profile for a shark with a fricking laser? The table above only serves as a poor man’s threat profile and threat assessment documentation. Still, given the above threat assessment, we absolutely must include “sharks with fricking lasers” into our organization’s risk assessment!

Posts related to this research project:

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: security  threat-intelligence  

Anton Chuvakin
Research VP and Distinguished Analyst
8 years with Gartner
19 years IT industry

Anton Chuvakin is a Research VP and Distinguished Analyst at Gartner's GTP Security and Risk Management group. Before Mr. Chuvakin joined Gartner, his job responsibilities included security product management, evangelist… Read Full Bio

Thoughts on Threat Assessment – A Tough Subject (And Sharks with Fricking Lasers!)

  1. Ronald says:

    Do you include the IRAM methodology in your threat assessment paper(s)??

  2. @ronald As a matter of fact, I do. IRAM does get an honorable mention in the paper.

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.