ABSTRACT

Threats are at the core of probability, so threat analysis is at the core of probability analysis. Probability is the composite of a threat actor with intent and capabilities acting on a vulnerable asset. The process of probability analysis, then, is the process of first defining capable threat actors and then estimating their possible intent to harm or attack the assets of the organization we are analyzing. Probability analysis itself is discussed in Chapter 9, Estimating Probability.