Chuck Springer IBM
Corporate threat assessment matrix
In this new world of blended threats, how can we adequately assess our levels of response? Many times, if we take the word of only one or even two anti-virus vendor's evaluation on a new and potential threat, we may over-react so often that we fall into the trap of 'the boy that cried wolf'. Once that happens, your credibility is diminished and if a real threat does come along, people will be hesitant to listen.
As providers of service to our organizations, many rely on our knowledge and experience. Yet, we may have become so desensitized by the everyday alerts from one vendor or another of declaring a 'Red Alert' or a 'Category 1' incident, that it is hard to take them seriously. Thus, we need a method whereby this information can be reviewed and put it into a realistic format to determine its overall validity. The result is a matrix, which the IBM Corporation uses, to assess new threats in a clear concise manner. The Threat Assessment Matrix is laid out in such a way that any Virus Incident Response Team can react sufficiently, without over-reacting, to new malware events. The end result is a clear defined procedure to evaluate new threats and address them as necessary.