Threat Event Frequency

Threat event frequency represents the number of times per year that a threat actor attempts to execute remote code on a targeted system.

Vulnerability

Vulnerability (or susceptibility) represents the probability that the threat actor can circumvent all relevant controls (detection/prevention of remote code) and successfully execute remote code on the targeted system.

Primary Loss Magnitude

The loss event occurs once the threat actor executes remote code on the asset. This typically triggers incident response, management, and containment efforts, at a minimum

Secondary Loss Event Frequency

Secondary loss event frequency is modeled as the probability of responsive controls (such as backups) being circumvented and conditional (secondary) losses occurring.