Skip to main content

Appendix

Taxonomy of Threat Sources

Type of Threat Source

Description

Characteristics

ADVERSARIAL

Individual (outsider, insider, trusted insider, privileged insider)

Group (ad hoc, established)

Organization (competitor, supplier, partner, customer)

Nation-State

Individuals, groups, organizations, or states that seek to exploit the organization’s dependence on cyber resources (i.e., information in electronic form, information and communications technologies, and the communications and information-handling capabilities provided by those technologies). Capability, Intent, Targeting
ACCIDENTAL

User

Privileged User/Administrator

Erroneous actions taken by individuals in the course of executing their everyday responsibilities. Range of effects
STRUCTURAL

Information Technology (IT) Equipment (storage, processing, communications, display, sensor, controller)

Environmental Controls (temperature/Humidity controls, power supply)

Software (operating system, networking, general-purpose application, mission-specific application)

Failures of equipment, environmental controls, or software due to aging, resource depletion, or other circumstances which exceed expected operating parameters. Range of effects
ENVIRONMENTAL

Natural or man-made disaster (fire, flood/tsunami, windstorm/tornado, hurricane, earthquake, bombing, overrun)

Unusual Natural Event (e.g., sunspots)

Infrastructure Failure/Outage (telecommunications, electrical power)

Natural disasters 3and failures of critical infrastructures on which the organization depends, but which are outside the control of the organization.

Note: Natural and man-made disasters can also be characterized in terms of their severity and/or duration. However, because the threat source and the threat event are strongly identified, severity and duration can be included in the description of the threat event (e.g., Category 5 hurricane causes extensive damage to the facilities housing mission-critical systems, making those systems unavailable for three weeks).

Range of effects

Risk Determination Matrix

Impact


Likelihood
Rare Unlikely Possible Likely Almost Certain
Catastrophic Moderate Moderate High Very High Very High
Major Low Moderate Moderate High Very High
Moderate Low Moderate
Moderate
Moderate
High
Minor Very Low
Low
Moderate
Moderate
Moderate
Insignificant Very Low
Very Low
Low
Low
Moderate

Connect With Us

Service Desk Hours and Contact

Service Desk Hours

Monday – Friday: 7:30 a.m. – 8 p.m.
Saturday and Sunday: Noon – 8 p.m.

Closed on official University holidays.

Contact Us

Information Technology Services
One Waterfront Place
Morgantown, WV 26506

(304) 293-4444 | 1 (877) 327-9260
ITSHelp@mail.wvu.edu

Get Help

Maintenance Schedule

To function effectively and securely, applications and the systems that support them must undergo regularly planned maintenance and updates.

See Schedule