Corporate threat assessment matrix

Chuck Springer IBM

Corporate threat assessment matrix

In this new world of blended threats, how can we adequately assess our levels of response? Many times, if we take the word of only one or even two anti-virus vendor's evaluation on a new and potential threat, we may over-react so often that we fall into the trap of 'the boy that cried wolf'. Once that happens, your credibility is diminished and if a real threat does come along, people will be hesitant to listen.

As providers of service to our organizations, many rely on our knowledge and experience. Yet, we may have become so desensitized by the everyday alerts from one vendor or another of declaring a 'Red Alert' or a 'Category 1' incident, that it is hard to take them seriously. Thus, we need a method whereby this information can be reviewed and put it into a realistic format to determine its overall validity. The result is a matrix, which the IBM Corporation uses, to assess new threats in a clear concise manner. The Threat Assessment Matrix is laid out in such a way that any Virus Incident Response Team can react sufficiently, without over-reacting, to new malware events. The end result is a clear defined procedure to evaluate new threats and address them as necessary.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.