What measure is used to express the Threat Capability (TCap) ability?

The measure used to express the Threat Capability (TCap) ability is represented as a percentage against the Threat Capability Continuum. This approach allows for a standardized way to quantify and compare various threat capabilities. By positioning an organization's threat capability within a continuum, it emphasizes the relative prowess of potential threats in executing attacks against an organization. It provides insight into how capable a threat actor might be in overcoming defenses based on a range of factors, including skill level and resources.

Using a percentage allows stakeholders to understand how their organization's defenses stack up against potential threats, making it a valuable tool for risk management and security planning. The Threat Capability Continuum itself offers a well-defined framework, which categorizes threat capabilities in a way that can be consistently interpreted and utilized across different scenarios.

This method differs fundamentally from purely historical or quantitative measures of incidents, such as past losses or the currency value of potential damages. Such metrics provide insight into the financial impact of events but do not necessarily reflect the current or potential threat landscape in a comprehensive manner. Similarly, counting previous attacks focuses more on historical events rather than assessing the capability of existing threats relative to an organization’s defenses.