Guiding Questions. What observable events at the network layer could give useful information about the likelihood/frequency of attacks? (Network-layer indicators.) This question should be asked for each identified threat scenario and incident. What observable events at the application layer could give useful information about the likelihood/frequency of successful or unsuccessful attacks? (Application-layer indicators.) This question should be asked for each identified threat scenario and incident. What information can we get from vulnerability scanners or security tests? (Test result indicators). This question should be asked for each identified vulnerability. What do we otherwise know about the threats, vulnerabilities, threat scenarios, incidents or assets that could help us assess the level of cyber-risk? (Business configuration indicators.) These questions should be asked for each element of the risk model.
Appears in 2 contracts
Sources: Grant Agreement, Grant Agreement