Abstract

Threat classification is extremely important for organizations, as it is an important step towards implementation of information security. Most of the existing threat classifications listed threats in static ways without linking threats to information system areas. The aim of this paper is to design a methodology that can classify deliberate threats in a dynamic way to represent each threat in different areas of the information system. This technique is based on the following factors: the attacker's prior knowledge (i. e. the knowledge hold by the source of the threat) about the system, loss of security information and the criticality of the area that might be affected by that threat.