Threat Event Frequency

Threat event frequency represents the number of times per year that a threat actor attempts to launch a distributed denial of service (DDoS) attack against targeted assets.

Vulnerability

Vulnerability (or susceptibility) represents the probability of time that a DDoS attack succeeds in circumventing DDoS mitigation controls and causing an outage of the targeted assets.

Primary Loss Magnitude

The loss event occurs once the threat actor compromises the availability of the targeted asset. This typically triggers incident response, management, and containment efforts, at a minimum.

Secondary Loss Event Frequency

Secondary loss event frequency is modeled as the probability of responsive controls (such as failovers) being circumvented and conditional (secondary) losses occurring. Secondary impact is determined based on the importance of the system and the duration of the outage as prolonged outages may increase the likelihood of secondary stakeholder fallout.