Wed Feb 25 06:53:53 PST 2015

Risk Management: Threats: What design basis threat is used?


Codify the design basis threats and fill in the table as appropriate. Fill in details of attack mechanisms within combined capabilities for more in-depth analysis.


The design basis threat is the threat used as the basis for design. Since it is infeasible for most organizations to address every possible threat, risk managers, and typically the chief executive, make a decision about a set of archetypical threats that will be addressed by their security architecture. These should be specified in terms used in the enterprise and additional details identified as appropriate in the table.

Given the DBT, attack mechanisms to be considered in analysis should then be identified based on the assessment of capabilities and intents. A good place to start might be the Database at

An example of a design basis threat for high risk might be the one defined in the Nuclear Regulatory Commission's 10 CFR 73. Here is an extract:

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved