README updated

This commit is contained in:
Alexandre Dulaunoy 2016-05-11 08:30:05 +02:00
parent 2f92675808
commit aaf10451f0

View file

@ -6,12 +6,14 @@ Threats Risk Index (TRI)
Threats Risk Index (TRI) is a different way to calculate risks in information security. As we have seen that a lot of risks model based on Threats Risk Index (TRI) is a different way to calculate risks in information security. As we have seen that a lot of risks model based on
generic cases, we wanted to create a risk evaluation which is based on current existing threats. The model of calculation is based on a simple way to sum the measures not implemented. generic cases, we wanted to create a risk evaluation which is based on current existing threats. The model of calculation is based on a simple way to sum the measures not implemented.
~~~~
Threats Risk Index = (Threat probability) * (1+SUM(recommendations not implemented)) Threats Risk Index = (Threat probability) * (1+SUM(recommendations not implemented))
~~~~
threats hreats
======= =======
Threats file is a list of known and seen threats in a specific region by a CSIRT or any organization capables of analysis security incidents. The threat is defined by a simple description and id. Probability values are assigned per region (country-code) and defined on the overall probability of an incident to occur among the overall set of incidents seen. The probability value is a float (from 0 to 1). As the probability depends on the organization doing the analysis, it could be really scoped to their view on threats. Multiple threats and their respective probability can be combined from various sources in a sum. If a threat is no more seen or actively exploited by an attacker, it should be removed from the list. Threats file is a list of known and seen threats in a specific region by a CSIRT or any organization with the capability of analysis for security incidents. The threat is defined by a simple description and id. Probability values are assigned per region (country-code) and defined on the overall probability of an incident to occur among the overall set of incidents seen. The probability value is a float (from 0 to 1). As the probability depends on the organization doing the analysis, it could be really scoped to their view on threats. Multiple threats and their respective probability can be combined from various sources in a sum. If a threat is no more seen or actively exploited by an attacker, it should be removed from the list.
[Current threats](./desc/threats.json) [Current threats](./desc/threats.json)
@ -36,17 +38,22 @@ Example
Cryptoransomware Cryptoransomware
================ ================
~~~~
Backup = 3 Backup = 3
Testing of backup = 4 Testing of backup = 4
Offline backup = 4 Off-line backup = 4
Patching of browser extension = 2 Patching of browser extension = 2
~~~~
If none of the counter-measures are taken, the following risk can be calculated: If none of the counter-measures are taken, the following risk can be calculated:
~~~~
(0.03) (1+3+4+4+2) = .42 (0.03) (1+3+4+4+2) = .42
~~~~
If backup are operational but the browser extensions are never patched: If backup are operational but the browser extensions are never patched:
~~~~
(0.03) (1+2) = .09 (0.03) (1+2) = .09
~~~~