Threat Event Frequency

Threat event frequency represents the number of times per year that an internal actor performs an action on the asset that can result in a critical error on the scoped asset. This does not include misconfiguration errors occurring during the setup or change management process. See Insider Misconfiguration Incident for additional details

Vulnerability

Vulnerability (or susceptibility) represents the probability that the action results in an error causing an outage or breach of the asset.

Primary Loss Magnitude

The loss event occurs once the internal actor causes an unintentional breach or outage on an asset. This typically triggers incident response, management, and containment efforts, at a minimum

Secondary Loss Event Frequency

Secondary loss event frequency is modeled as the probability of responsive controls (such as backups) being circumvented and conditional (secondary) losses occurring.