Offensive tool determination strategy R.I.D.D.L.E. + (C)

Intentional threats are a major risk factor related to vulnerabilities in critical infrastructure assets, and an accurate risk assessment is necessary to analyze threats, assess vulnerabilities, and evaluate potential impacts on assets and systems. This research proposes a methodology that can be added as an additional phase in the risk assessment process. The method introduces an extra analytical parameter concerning offensive tool characteristics, improving the understanding of intentional threats. The methodology is presented using clear and accessible language suitable for a broad audience. It is based on an approach described as an "offensive tool determination strategy," summarized by the acronym R.I.D.D.L.E.+C, which refers to the variables used in the analysis: resistance, intrusion timing, damage, disruption timing, latency, efficiency, and cost. These variables are evaluated using open-source intelligence. Each variable is assigned a specific range of values according to its potential impact on the targeted asset. A matrix is then provided for practical application, which can reveal unexpected vulnerabilities and offer a more granular framework for decision-making and security planning.