Threat Assessment

It is an approach that uses various strategies to identify the potential threats and likelihood of them coming true. This assessment provides a basis for making the security plans to save the breaching of security. Threat assessment is carried out in the following manner:

●     The nature of the threats and the vulnerabilities are identified.

●     Then the probability of the disruption due to the impact of these vulnerabilities is estimated.

●     Taking into account the consequences and the likelihood of occurrence, these vulnerabilities are prioritized.

Threat assessment categorizes threats as malicious threats, accidental threats and natural threats. The malicious threats can be further categorized as authorized and unauthorized:

1. Authorized: Authorized threat can be by the user of the application, an insider threat or an unauthorized user who has gained access through someone else’s account.

2. Unauthorized: Unauthorized threats are posed by the person who does not have permission to use the application.

Advantages of Threat assessment:

●     The results of threat assessment are helpful in testing activities.

●     Helps in discovering vulnerabilities, prioritizing them as well as their probability of occurrence.

Disadvantages of Threat Assessment:

●     It does not guarantee discovery of all the security threats

●     It need the documentation of the architecture of the software