D
Components of risk scenario that are needed for its analysis are: ✑ Actor: Actors are those components of risk scenario that has the potential to generate the threat that can be internal or external, human or non-human. Internal actors are within the enterprise like staff, contractors, etc. On the other hand, external actors include outsiders, competitors, regulators and the market. ✑ Threat type: Threat type defines the nature of threat, that is, whether the threat is malicious, accidental, natural or intentional. ✑ Event: Event is an essential part of a scenario; a scenario always has to contain an event. Event describes the happenings like whether it is a disclosure of confidential information, or interruption of a system or project, or modification, theft, destruction, etc. ✑ Asset: Assets are the economic resources owned by business or company. Anything tangible or intangible that one possesses, usually considered as applicable to the payment of one`s debts, is considered an asset. An asset can also be defined as a resource, process, product, computing infrastructure, and so forth that an organization has determined must be protected. Tangible asset: Tangible are those asset that has physical attributes and can be detected with the senses, e.g., people, infrastructure, and finances. Intangible asset: Intangible are those assets that has no physical attributes and cannot be detected with the senses, e.g., information, reputation and customer trust. ✑ Timing dimension: The timing dimension is the application of the scenario to detect time to respond to or recover from an event. It identifies if the event occurs at a critical moment and its duration. It also specifies the time lag between the event and the consequence, that is, if there an immediate consequence (e.g., network failure, immediate downtime) or a delayed consequence (e.g., wrong IT architecture with accumulated high costs over a long period of time).