...
Vulnerability | Threat-source | Threat Action | Category of Harm | Likelihood of Harm Occurrence | Impact of Harm |
|---|---|---|---|---|---|
Impersonation in e-ticket transactions | Common criminal/identity thief | Impersonation using stolen identity credentials, to receive full market price for stolen fish | Inconvenience, distress or damage to standing or reputation | Low: e-ticket transactions take place in a context of fish delivery, and the fisher and processor are normally known to each other | Low: someone would be likely to notice and when detected, the impact could be effectively mitigated. The impact would be limited to the parties whose identity and fish have been stolen |
Impersonation in e-ticket transactions | Competitor | Impersonation using stolen identity credentials, to sell fish without debiting own quota | Inconvenience, distress or damage to standing or reputation | Low: a competitor might have a motive, but an electronic system does not make them more likely to have means or opportunity. Risk exposure is not significantly different in electronic transactions than it is in paper transactions. | Low: impersonated parties would be likely to notice and when detected, the impact could be effectively mitigated |
Repudiation to escape accountability | Customer (fisher or processor) | Signer claims "I didn't sign that" | Inconvenience, distress or damage to standing or reputation | Low: in most cases a customer who repudiated an e-ticket document submission could then be prosecuted for fishing or processing without meeting record-keeping and reporting obligations. There will generally be independent evidence of the fishing or processing activity (follow the fish.) | Low: agency might expend effort to resolve, but the distress would be limited and short-term |
...