Confidence level

Definition

An explicit label attached to an attribution assessment indicating how strongly the available evidence supports the conclusion. Standard tiers are low, medium, and high. Omitting confidence levels from published attribution assessments is an analytical error because it implies certainty that the evidence does not support.

Related terms

Attribute sampling
A statistical sampling method that tests whether each selected item either has or lacks a specified attribute, for example whether a change...
Attribution
The process of identifying the threat actor responsible for a cyberattack. Attribution is a confidence-weighted analytical conclusion, not a binary fact. It...
False flag
A deliberate deception in which an attacker plants indicators designed to make the intrusion appear to originate from a different actor. Common...
Judgement sampling
Selection of audit items based on the auditor's professional assessment of where errors or weaknesses are most likely to exist. Results cannot...
Monetary unit sampling (MUS)
A probability-proportional-to-size method that treats each currency unit in the population as a sampling unit. Larger transactions have a higher probability of...
Risk-directed selection
A judgmental sampling approach in which items are chosen because they exhibit specific risk indicators: unusual amounts, unusual payees, bypass of normal...
Stratified sampling
A sampling design that divides the population into homogeneous subgroups (strata) and samples each stratum separately. Allows the auditor to apply higher...
Technical vs. legal attribution
Technical attribution identifies the infrastructure and tooling used in an attack and may link it to a known cluster or actor profile....
Threat actor cluster
A named collection of observed activity linked by shared infrastructure, malware, and TTPs, without necessarily having confirmed the real-world identity of the...
Tolerable deviation rate
The maximum error rate the auditor is willing to accept in the population without modifying the audit conclusion. If the projected error...
Tolerable deviation rate (TDR)
The maximum rate of control deviations the auditor is willing to accept before concluding that a control cannot be relied upon. Setting...
TTPs (Tactics, Techniques, and Procedures)
The behavioural fingerprint of a threat actor: the broad goals and approaches they pursue (tactics), the specific methods they use to achieve...

Explained in these topics

  • Attribution in Cyber Investigations: An explicit label attached to an attribution assessment indicating how strongly the available evidence supports the conclusion. Standard tiers are low, medium,...
  • Audit Sampling Techniques and Working Papers: The probability that the sample result correctly reflects the true population characteristic. Expressed as a percentage, typically 90 to 95 percent in security...
  • Sampling Techniques in Fraud Audits: The probability that the sample result falls within the auditor's acceptable error margin. A 95% confidence level means the auditor accepts a 5% risk of conclu...
