Many times we see a threat score systems that might be match what you are looking for. Seth Bromberger manager of information security at PG&E has a more generic threat scoring system that can be used by any organization.
This system divides into broad categories like insiders, script kiddies, nation-states, terrorist groups and forces of nature, among others.
Each threat can be assigned a 0(no capability) or a 5(most capable threat).
Capability is judged through attacker's institutional knowledge, technical proficiency, group size and funding, and levels of access.
read more at: http://searchsecurity.techtarget.com/magazineContent/Researcher-Puts-Quantitative-Measurement-on-Information-Security-Threats
Interesting, thanks for sharing!
ReplyDeleteIm curious how this more generic threat scoring system is better than existing systems. Will keep an eye on PG&E developments.
-Brett