The first step in tackling any problem involves developing an understanding of the possible environments that may be faced (or the "states of nature"), one's options, and the objective that is being sought. This requires an identification of the variables that are relevant, that is, those that can significantly influence the outcome as well as the subset of these relevant variables that are controllable, which form the basis for designing options.
In a problem as complex as IW-D, working to formulate the problem accomplishes three things. First, it provides a useful framework for discussion. Second, it serves to keep the focus on those specific areas that are either unknown or in dispute. Third, it serves as a benchmark for measuring progress.
In this case, the states of nature correspond to the nature of the threat that will be faced vis-a-vis the vulnerabilities of our information infrastructure while our options correspond to the strategies we adopt and the actions we take to defend ourselves. The objective being sought corresponds to a level of infrastructure performance, its definition and measure being a major challenge in and of itself.
A good place to start is to try to develop an understanding of the nature of the threat, or more accurately the spectrum of relevant threats. This involves the identification of potential threats and the estimation of their likelihoods. Normally one would construct a set of states of natures that are mutually exclusive and collectively exhaustive so that a probability density function could be used. For the purposes of this discussion, the states of nature referred to correspond to potential threats grouped in some logical fashion to facilitate analysis of how well each defensive strategy deals with each of these threats.
Having an initial concept of the nature and range of potential threats, one can develop alternative defensive strategies and corresponding sets of action to counter one or more of these threats. A great deal depends upon what variables we believe we can and should control.
Each defensive strategy, with its corresponding set of actions, then needs to be analyzed with respect to each of the threats. The results of these analyses will be a characterization of the results or outcomes from pursuing each of the defensive strategies with respect to each of the threats. These outcomes, which are basically descriptions of results (e.g., number of penetrations and their consequences), then need to be translated into value measures that represent their impact. These costs and benefits provide a rational basis for determining an appropriate defensive strategy. Much will depend upon how we measure success.
Given the central role that the threat topology plays in problem formulation, we will now turn our attention to examining this topology.