carver matrix
Sicherheitsrisiken richtig evaluieren.
Criticality: The target value. How vital is this to the overall organization? A target is critical when its compromise or destruction (failure to provide any of the CIA triad components) has a highly significant impact in the overall organization.
Accessibility: How easily can I reach the target? What are the defenses? Do I need an insider? Is the target computer off the Internet?
Recuperability: How long will it take for the organization to replace, repair, or bypass the destruction or damage caused to the target? Once the compromise is found, how long will it take for the system to recuperate from it?
Vulnerability: What is the degree of knowledge needed to exploit the target? Can I use known exploits or should I invest in new, possible 0-day exploits?
Effect: What’s the impact of the attack on the organization? Similar to the first point (Criticality) this point should also analyse possible reactions from the organization.
Recognizability: Can I identify the target as such? How easy is to recognize that a specific system / network / device is the target and not a security countermeasure.