Figure 4-2.—Threats to AIS assets.
needed. Abuse relates to unauthorized access to
Likelihood and Risk
service, unwanted destruction or alteration of data and
software, and unauthorized disclosure of classified
Likelihood and risk relate to successful attacks and
information.
adverse events. Likelihood relates to chance-what is
We have an adverse event with every fire and with
the likelihood (probability) that a successful attack or
every flood caused by a broken pipe in a computer
an adverse event will occur? Risk has to do with
money; it tells us about the cost of loss or abuse from
room. We have a successful attack with every bowling
an adverse event overtime. We first ask, “What is the
score, recipe, or school paper stored online, and with
value of the AIS asset that will be abused or that we will
every computer hacker that plays crash-the-computer
lose if a given successful attack or adverse event
or scramble-the-data.
occurs?” Then we ask, “How often can we expect that
4-3
