Mathematical Model I: Static Intentional Risk

As we have presented in Chap. 1, two different types of risk related to Intentional Risk are identified: The Static Risk and the Dynamic Risk. Roughly speaking, we can summarize their differences as follows: Static Risk: It is opportunistic risk. Its main feature is that this risk follows authorized paths. A clear example of this type of risk is when employees or contractors take data they have authorized access to and use it for personal gain. Dynamic Risk: It is the type of directed intentional risk. It can be identified because of its tendency to follow unauthorized paths. The paradigm for this system is represented by the use of a vulnerability in the system to gain technical or administrative accesses. In other words, Dynamic Risk is directly linked to the use of potentially existing paths (but not authorized) in the network. An example of dynamic risk would be an intrusion to a network by external hackers.