Basic cases and folding

A basic case comprises one or more incidents that, from user’s perspective, should be referred to as a single transaction—for example, copying a directory that contains sensitive data within multiple files to removable media, or uploading a single file to cloud storage and the file being split into multiple data chunks by the web application. In these instances, all these incidents are folded into a single case.

The risk for the case is evaluated by first assessing the total impact of all the incidents in the case and the probabilities for various scenarios (data theft case, false positive etc.). The following card summarizes a case with 50 incidents involving credit card data: