Feasibility Believability Impact Digital Presence Triad for External Attack Surface Management (EASM), Digital Risk Protection (DRP), and Security Ratings

Digital presence is indispensable in today’s world, but it can also be a significant liability. To understand what is at stake, we developed the Digital Presence Triad. Unlike the industry-recognized CIA triad (Confidentiality, Integrity, and Availability), which guides internal security, the Digital Presence Triad (Feasibility, Believability, and Impact) guides the identification of threats that exist outside the organization, throughout the open, deep, and dark web.

The Digital Presence Triad, also known as FBI, is a strategic framework for assessing or presenting an organization’s online appearance. The framework sets Feasibility, Believability, and Impact against the Technical, Strategic, Operational, and Financial functional areas. This intersection facilitates a measured approach to discovering and developing digital risk solutions for any organization.

Feasibility

Feasibility assesses the likelihood and severity of external threats to an organization's digital assets and online presence. This involves identifying and analyzing potential vulnerabilities that could be exploited by external threats, prioritizing responses to possible threats based on their likelihood and severity, and assessing an organization's overall security posture based on various factors. Feasibility is critical as it helps organizations make informed decisions about prioritizing their security measures and resources to protect their digital assets and online presence.

Believability

Believability is the assessment of the credibility and validity of external threats to an organization's digital assets and online presence. It helps prioritize responses to potential threats based on their credibility and validity. It determines the credibility of possible threats and their impact on an organization's security posture. Identifying and measuring the believability of external threats involves analyzing the threat's source and credibility, the danger, the context of the threat, and any supporting evidence or indicators of compromise. By understanding the believability of external threats, organizations can allocate their security resources effectively and make informed decisions about prioritizing their response to potential threats.

Impact

Impact assesses the potential harm and consequences of external threats to an organization's digital assets and online presence. It helps prioritize the response to potential threats based on their potential damage to the organization's operations, reputation, and finances. Identifying and measuring the impact of external threats involves analyzing the potential harm, consequences, and likelihood of successful execution. Understanding the impact of external threats enables organizations to make informed decisions about allocating security resources effectively and mitigating the potential harm and consequences of external threats to ensure business continuity.