The threat subontology builds upon Peltier’s threat classification and comprises natural, accidental and intentional threats at the highest level, followed by a detailed subclassification. For each threat, an in-depth description is provided for clarity, together with the endangered security objectives, following the security and dependability taxonomy of Avizienis et al. (confidentiality, integrity, availability, accountability, authenticity, reliability and safety). This is useful if a company wants to prioritize its IT security strategy with regard to specific attributes. Often the occurrence of one threat gives rise to or intensifies other threats; these relationships are therefore reflected in the ontology.
The annual rate of occurrence of each threat is stored within the probability concept, which is linked to the threat and location subontologies in order to map location-dependent threat occurrence rates. For natural threats such as flood and earthquake, national weather and research centers provide suitable data sets for determining annual occurrence rates. Local law enforcement agencies are able to provide data for intentional threats such as theft, active wiretapping and vandalism, and for accidental threats such as power outage the local energy supplier is able to provide reliable data about past outages. Insurance companies can also be consulted for reliable data on specific threat occurrence rates.
Furthermore, each threat exploits one or more vulnerabilities, which can be found in the vulnerability subontology. Understanding the relationships between threats and endangered assets is vital for comprehensive security planning, and thus these connections have been integrated as well. Assets are represented by classes in the infrastructure subontology.
In the following, an example is given to clarify the threat ontology: unauthorized access to the office building is a subclass of the class unauthorized access. If a threat agent gives rise to this threat, availability is affected the most. While simple unauthorized access might result only in damaged windows or doors, the possible subsequent threats, e.g. theft of hardware or vandalism, could have a severe impact on the company’s availability, confidentiality and integrity. Defined vulnerabilities that could be exploited by the unauthorized access threat to the office building are doors or windows with a low level of security, or the unauthorized dissemination of access credentials by employees.
A vulnerability is the absence of a proper safeguard that could be exploited by a threat. We subclassified the vulnerability subontology into three distinct classes: (1) administrative vulnerability, (2) physical vulnerability, and (3) technical vulnerability. Each vulnerability can be exploited by predefined threats of the threat subontology, and mitigation is achieved by selecting one or more controls, which are implemented by elements from the infrastructure, control or software subontology.
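The office-building example above and the threat/vulnerability/control relations described in the last two paragraphs can be modelled as a small graph and queried. The following is an added illustration, not the authors' ontology or tooling; the control names, the "site A" location and the 0.05 occurrence rate are constructed placeholders, while the threats, endangered objectives and vulnerabilities follow the paper's example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

@dataclass
class Threat:
    parent: str | None                     # subclass-of relation inside the threat subontology
    affects: set[str]                      # security objectives endangered directly
    gives_rise_to: set[str] = field(default_factory=set)   # subsequent threats it triggers
    exploits: set[str] = field(default_factory=set)        # vulnerabilities (by name)

@dataclass
class Vulnerability:
    kind: str                              # administrative / physical / technical
    mitigated_by: set[str]                 # controls (names are constructed placeholders)

# Constructed instances following the paper's office-building example.
THREATS = {
    "unauthorized access": Threat(None, {"availability"}),
    "unauthorized access to office building": Threat(
        "unauthorized access", {"availability"},
        gives_rise_to={"theft of hardware", "vandalism"},
        exploits={"low-security doors or windows", "disseminated access credentials"}),
    "theft of hardware": Threat(None, {"availability", "confidentiality"}),
    "vandalism": Threat(None, {"availability", "integrity"}),
}
VULNS = {
    "low-security doors or windows": Vulnerability("physical", {"security door"}),
    "disseminated access credentials": Vulnerability("administrative", {"awareness training"}),
}
# Location-dependent annual rate of occurrence (constructed value for a hypothetical "site A").
PROBABILITY = {("unauthorized access to office building", "site A"): 0.05}

def endangered_objectives(threat: str) -> set[str]:
    """Objectives endangered by a threat and, transitively, by the threats it gives rise to."""
    seen, stack, out = set(), [threat], set()
    while stack:
        t = stack.pop()
        if t in seen:
            continue
        seen.add(t)
        out |= THREATS[t].affects
        stack.extend(THREATS[t].gives_rise_to)
    return out

def mitigating_controls(threat: str) -> dict[str, set[str]]:
    """Controls closing each vulnerability the given threat exploits."""
    return {v: VULNS[v].mitigated_by for v in THREATS[threat].exploits}

def annual_rate(threat: str, location: str) -> float:
    """Rate from the probability concept; 0.0 when no rate has been recorded for that location."""
    return PROBABILITY.get((threat, location), 0.0)
```

Querying `endangered_objectives("unauthorized access to office building")` returns availability, confidentiality and integrity, because the subsequent threats theft of hardware and vandalism are followed; the direct threat alone only endangers availability.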