Categorization

For a threat classification system to be useful, it has to be tractable – a manageable number of categories and classes – and wide ranging to cover as many causes of threat as possible. This means that the taxonomy consists of limited numbers of classes of threat that are necessarily large and imprecise. The intent is to capture the broad types of threats: ones that might impact our systems in different ways to the others. Some threat types could be considered as belonging to more than one category, and our peer review processes identified differences in opinion about in which category they best belong, but we have made assignments that best align with the concept of causal similarity.